CVE-2018-20671
Ubuntu Security Notice USN-4336-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
load_specific_debug_section en objdump.c en GNU Binutils hasta la versión 2.31.1 contiene una vulnerabilidad de desbordamiento de enteros que puede provocar un desbordamiento de búfer basado en memoria dinámica (heap) mediante un tamaño de sección manipulado.
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2019-01-04 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106457 | Third Party Advisory | |
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11fa9f134fd658075c6f74499c780df045d9e9ca | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=24005 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html | 2023-11-07 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html | 2023-11-07 | |
| https://usn.ubuntu.com/4336-1 | 2023-11-07 |