Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-18309

Good to know:

icon

Date: October 14, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.

Language: C

Severity Score

Related Resources (11)

https://sourceware.org/bugzilla/show_bug.cgi?id=23770
http://www.securityfocus.com/bid/105692
https://nvd.nist.gov/vuln/detail/CVE-2018-18309
https://usn.ubuntu.com/4336-1/
https://access.redhat.com/security/cve/CVE-2018-18309
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0930cb3021b8078b34cf216e79eb8608d017864f
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18309
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
https://security-tracker.debian.org/tracker/CVE-2018-18309
https://www.mend.io/vulnerability-database/CVE-2018-18309

Severity Score

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

icon

Upgrade Version

Upgrade to version binutils-2_32

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us