CVE-2018-17360
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
Se ha detectado una vulnerabilidad en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Una sobrelectura de búfer basada en memoria dinámica (heap) en bfd_getl32 en libbfd.c permite que un atacante provoque una denegación de servicio (DoS) mediante un archivo PE manipulado. Esta vulnerabilidad puede ser desencadenada por el ejecutable objdump.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-23 CVE Reserved
- 2018-09-23 CVE Published
- 2023-09-17 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://sourceware.org/bugzilla/show_bug.cgi?id=23685 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html | 2019-10-31 | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html | 2019-10-31 | |
https://usn.ubuntu.com/4336-1 | 2019-10-31 |