CVE-2018-20623
Ubuntu Security Notice USN-4336-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
En la versión 2.31.1 de GNU Binutils hay una vulnerabilidad de uso de memoria previamente liberada en la función "error" en elfcomm.c, cuando esta última es llamada por la función process_archive en readelf.c mediante un archivo ELF manipulado.
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-31 CVE Reserved
- 2018-12-31 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106370 | Third Party Advisory | |
| https://support.f5.com/csp/article/K38336243 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=24049 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html | 2019-10-31 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html | 2019-10-31 | |
| https://usn.ubuntu.com/4336-1 | 2019-10-31 |