Lucene search

PRIOn knowledge basePRION:CVE-2018-18607

HistoryOct 23, 2018 - 5:29 p.m.

Null pointer dereference

2018-10-2317:29:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq7.0
debian_linuxeq9.0
binutilseq2.31

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	7.0
debian_linux	eq	9.0
binutils	eq	2.31

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

www.securityfocus.com/bid/105754

security.netapp.com/advisory/ntap-20190307-0003/

sourceware.org/bugzilla/show_bug.cgi?id=23805

sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a

usn.ubuntu.com/4336-1/