CVE-2018-18606
23.10.2018, 17:29
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.31 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | data_ontap | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| binutils |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| binutils |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| binutils-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libctf-nobfd0 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libctf0 |
|
Common Weakness Enumeration
References