Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA10FA8FA6231FABFD0E156B411197D2AE13FD119B3BB7A01FCFFCADB6DFBCFFF
HistoryOct 18, 2019 - 3:36 a.m.

Security Bulletin: Vulnerabilities in GNU binutils affect IBM Netezza Analytics

2019-10-1803:36:34
www.ibm.com
23

0.01 Low

EPSS

Percentile

83.9%

JSON

Summary

Open Source Binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2018-10534 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds memory write in the _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142630&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10535 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142629&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-6323 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an unsigned integer overflow in the elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138359&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-6543 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the load_specific_debug_section() function in objdump.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138675&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7568 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by integer overflow in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139775&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7569 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer underflow or overflow in the read_attribute_value function in dwarf2.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with a corrupt DWARF FORM block, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139774&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7570 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139773&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7642 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by aout_32_swap_std_reloc_out NULL pointer dereference in the swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139810&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7643 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the display_debug_ranges function in dwarf.c. By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139809&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10372 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by heap-based buffer over-read in process_cu_tu_index in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142399&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10373 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142402&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-17080 **DESCRIPTION: *GNU Binutils is vulnerable to a denial of service, caused by the bfd_getl32 heap-based buffer over-read in the elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/135756&gt; for more information
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-16832 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the pe_bfd_read_buildid function in peicode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134961&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16831 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the coff_get_normalized_symtab function in coffgen.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134960&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16830 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the print_gnu_property_note function in readelf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134959&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16829 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds read in the _bfd_elf_parse_gnu_properties function in elf-properties.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134958&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16828 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow and heap-based buffer over-read flaw in the display_debug_frames function in dwarf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134957&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16827 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a slurp_symtab invalid free flaw in the aout_get_external_symbols function in aoutx.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134956&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16826 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access flaw in the coff_slurp_line_table function in coffcode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134953&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Netezza Analytics 1.2.4, 2.0-2.3, 3.0-3.0.2, 3.2-3.2.6, 3.3-3.3.3

Remediation/Fixes

Product VRMF Remediation / First Fix
IBM Netezza Analytics 3.3.4 Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm puredata systemeqany

Related

suse 2
openvas 13
nessus 39
ibm 3
oraclelinux 1
gentoo 1
amazon 1
redhat 1
centos 1
photon 9
f5 2
ubuntucve 14
redhatcve 16
cvelist 15
cve 14
debiancve 14
osv 14
nvd 14
prion 15
alpinelinux 3
veracode 7
suse
suse
Security update for binutils (moderate)
2018-10-23 15:22:34
Security update for binutils (moderate)
2018-10-18 18:52:54
openvas
openvas
openSUSE: Security Advisory for binutils (openSUSE-SU-2018:3323-1)
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1400)
2020-01-23 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2018:3170-1)
2019-01-02 00:00:00
SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2018:3170-2)
2019-01-02 00:00:00
openSUSE Security Update : binutils (openSUSE-2018-1222)
2018-10-24 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM
2018-12-17 14:20:01
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
2019-10-18 03:36:34
Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local
2019-12-20 14:31:33
oraclelinux
oraclelinux
binutils security, bug fix, and enhancement update
2018-11-05 00:00:00
gentoo
gentoo
Binutils: Multiple vulnerabilities
2018-11-27 00:00:00
amazon
amazon
Low: binutils
2019-01-07 21:47:00
redhat
redhat
(RHSA-2018:3032) Low: binutils security, bug fix, and enhancement update
2018-10-30 04:11:05
centos
centos
binutils security update
2018-11-15 18:43:31
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0064
2018-06-29 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0154
2018-06-28 00:00:00
Critical Photon OS Security Update - PHSA-2018-0064
2018-06-29 00:00:00
f5
f5
K72122162 : Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373
2018-07-23 00:00:00
K62553631 : Binutils vulnerabilities CVE-2018-7570, CVE-2018-9996, and CVE-2018-10372
2018-07-23 00:00:00
ubuntucve
ubuntucve
CVE-2017-16830
2017-11-15 00:00:00
CVE-2017-16828
2017-11-15 00:00:00
CVE-2017-16829
2017-11-15 00:00:00
redhatcve
redhatcve
CVE-2017-16829
2017-11-29 09:50:13
CVE-2017-16830
2017-11-29 09:49:27
CVE-2017-16827
2017-11-29 09:50:45
cvelist
cvelist
CVE-2017-16826
2017-11-15 08:00:00
CVE-2017-16827
2017-11-15 08:00:00
CVE-2017-16828
2017-11-15 08:00:00
cve
cve
CVE-2017-16827
2017-11-15 08:29:00
CVE-2017-16829
2017-11-15 08:29:00
CVE-2017-16828
2017-11-15 08:29:00
debiancve
debiancve
CVE-2017-16832
2017-11-15 08:29:00
CVE-2017-16830
2017-11-15 08:29:00
CVE-2017-16828
2017-11-15 08:29:00
osv
osv
CVE-2017-16828
2017-11-15 08:29:00
CVE-2017-16832
2017-11-15 08:29:00
CVE-2017-16829
2017-11-15 08:29:00
nvd
nvd
CVE-2017-16828
2017-11-15 08:29:00
CVE-2017-16830
2017-11-15 08:29:00
CVE-2017-16827
2017-11-15 08:29:00
prion
prion
Integer overflow
2017-11-15 08:29:00
Heap overflow
2017-11-30 21:29:00
Integer overflow
2017-11-15 08:29:00
alpinelinux
alpinelinux
CVE-2018-7570
2018-02-28 21:29:00
CVE-2018-7568
2018-02-28 21:29:00
CVE-2018-7569
2018-02-28 21:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:54:32
Denial Of Service (DoS)
2019-05-16 03:54:32
Denial Of Service (DoS)
2019-01-15 09:26:33

0.01 Low

EPSS

Percentile

83.9%

JSON
Related for A10FA8FA6231FABFD0E156B411197D2AE13FD119B3BB7A01FCFFCADB6DFBCFFF
suse2openvas13nessus39ibm3oraclelinux1gentoo1amazon1redhat1centos1photon9f52ubuntucve14redhatcve16cvelist15cve14debiancve14osv14nvd14prion15alpinelinux3veracode7