7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.6%
Issue Overview:
An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7568)
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a “SECTION” type that has a “0” value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.(CVE-2018-10535)
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.(CVE-2018-7643)
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.(CVE-2018-10373)
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-6323)
An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7569)
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.(CVE-2018-13033)
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.(CVE-2018-10372)
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)
Affected Packages:
binutils
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update binutils to update your system.
New Packages:
aarch64:
binutils-2.29.1-27.amzn2.0.1.aarch64
binutils-devel-2.29.1-27.amzn2.0.1.aarch64
binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64
i686:
binutils-2.29.1-27.amzn2.0.1.i686
binutils-devel-2.29.1-27.amzn2.0.1.i686
binutils-debuginfo-2.29.1-27.amzn2.0.1.i686
src:
binutils-2.29.1-27.amzn2.0.1.src
x86_64:
binutils-2.29.1-27.amzn2.0.1.x86_64
binutils-devel-2.29.1-27.amzn2.0.1.x86_64
binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64
Red Hat: CVE-2018-10372, CVE-2018-10373, CVE-2018-10535, CVE-2018-13033, CVE-2018-6323, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7643
Mitre: CVE-2018-10372, CVE-2018-10373, CVE-2018-10535, CVE-2018-13033, CVE-2018-6323, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7643
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | binutils | < 2.29.1-27.amzn2.0.1 | binutils-2.29.1-27.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | binutils-devel | < 2.29.1-27.amzn2.0.1 | binutils-devel-2.29.1-27.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | binutils-debuginfo | < 2.29.1-27.amzn2.0.1 | binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | i686 | binutils | < 2.29.1-27.amzn2.0.1 | binutils-2.29.1-27.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | binutils-devel | < 2.29.1-27.amzn2.0.1 | binutils-devel-2.29.1-27.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | binutils-debuginfo | < 2.29.1-27.amzn2.0.1 | binutils-debuginfo-2.29.1-27.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | x86_64 | binutils | < 2.29.1-27.amzn2.0.1 | binutils-2.29.1-27.amzn2.0.1.x86_64.rpm |
Amazon Linux | 2 | x86_64 | binutils-devel | < 2.29.1-27.amzn2.0.1 | binutils-devel-2.29.1-27.amzn2.0.1.x86_64.rpm |
Amazon Linux | 2 | x86_64 | binutils-debuginfo | < 2.29.1-27.amzn2.0.1 | binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64.rpm |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.6%