CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000876 – binutils: integer overflow leads to heap-based buffer overflow in objdump
https://notcve.org/view.php?id=CVE-2018-1000876
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. binutils, en versiones 2.32 y anteriores, contiene una vulnerabilidad de desbordamiento de enteros en objdump, bfd_get_dynamic_reloc_upper_bound y bfd_canonicalize_dynamic_reloc que puede resultar en un desbordamiento de enteros que desencadena un desbordamiento de memoria dinámica (heap). Si se explota con éxito, podría conducir a la ejecución de código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/106304 https://access.redhat.com/errata/RHSA-2019:2075 https://sourceware.org/bugzilla/show_bug.cgi?id=23994 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla. • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20002
https://notcve.org/view.php?id=CVE-2018-20002
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. La función _bfd_generic_read_minisymbols en syms.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31, tiene una fuga de memoria mediante un archivo ELF manipulado, que conduce a una denegación de servicio (consumo de memoria), tal y como queda demostrado con nm. • http://www.securityfocus.com/bid/106142 https://security.gentoo.org/glsa/201908-01 https://security.netapp.com/advisory/ntap-20190221-0004 https://sourceware.org/bugzilla/show_bug.cgi?id=23952 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9 https://support.f5.com/csp/article/K62602089 https://usn.ubuntu.com/4336-1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-19931
https://notcve.org/view.php?id=CVE-2018-19931
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. Se ha descubierto un problema en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay un desbordamiento de búfer basado en memoria dinámica (heap) en bfd_elf32_swap_phdr_in en elfcode.h debido a que el número de cabeceras del programa no está restringido. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/106144 https://security.gentoo.org/glsa/201908-01 https://security.netapp.com/advisory/ntap-20190221-0004 https://sourceware.org/bugzilla/show_bug.cgi?id=23942 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5f60af5d24d181371d67534fa273dd221df20c07 https://usn.ubuntu.com/4336-1 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-19932
https://notcve.org/view.php?id=CVE-2018-19932
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Se ha descubierto un problema en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils hasta la versión 2.31. Hay un desbordamiento de enteros y un bucle infinito provocados por la macro IS_CONTAINED_BY_LMA en elf.c. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/106144 https://security.gentoo.org/glsa/201908-01 https://security.netapp.com/advisory/ntap-20190221-0004 https://sourceware.org/bugzilla/show_bug.cgi?id=23932 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=beab453223769279cc1cef68a1622ab8978641f7 https://usn.ubuntu.com/4336-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18700
https://notcve.org/view.php?id=CVE-2018-18700
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. Se ha descubierto una vulnerabilidad en cp-demangle.c en GNU libiberty, tal y como se distribuye en GNU Binutils 2.31. Hay una vulnerabilidad de consumo de pila que resulta de una recursión infinita en las funciones d_name(), d_encoding() y d_local_name() en cp-demangle.c. • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681 https://usn.ubuntu.com/4326-1 https://usn.ubuntu.com/4336-1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •