CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6759 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-6759
06 Feb 2018 — The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. La función bfd_get_debug_link_info_1 en opncls.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29.2,30, tiene una operación strnlen... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6543 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-6543
02 Feb 2018 — In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. En GNU Binutils 2.30, hay un desbordamiento de enteros en la función load_specific_debug_section() en objdump.c, que resulta en "malloc()" con tamaño 0. Un archivo ELF manipulado permite que atacantes remotos provoquen una den... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound •