CVE-2018-6323
GNU binutils 2.26.1 - Integer Overflow (PoC)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
La función elf_object_p en elfcode.h en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29.1, tiene un desbordamiento de enteros no firmados debido a que no se emplea la multiplicación bfd_size_type. Un archivo ELF manipulado permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro impacto sin especificar.
GNU binutils version 2.26.1 suffers from an integer overflow vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-26 CVE Reserved
- 2018-01-26 CVE Published
- 2024-01-06 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102821 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44035 | 2024-08-05 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=22746 | 2024-08-05 |
| URL | Date | SRC |
|---|