Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:E28868CF5495F6C7D71AC5B00564832A
HistoryMay 14, 2020 - 12:00 a.m.

USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry

2020-05-1400:00:00
Cloud Foundry
www.cloudfoundry.org
31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVEs contained in this USN include: CVE-2018-1000876, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700, CVE-2018-12934, CVE-2018-13033, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17794, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-18700, CVE-2018-18701, CVE-2018-19931, CVE-2018-19932, CVE-2018-20002, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-8945, CVE-2018-9138, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2019-14250, CVE-2019-12972, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs3
    • All versions prior to 0.176.0
  • CF Deployment
    • All versions prior to v13.0.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs3
    • Upgrade All versions to 0.176.0 or greater
  • CF Deployment
    • Upgrade All versions to v13.0.0 or greater

References

History

2020-04-22: Initial vulnerability report published.

CPENameOperatorVersion
cflinuxfs3lt0.176.0

Related

openvas 30
ubuntu 3
nessus 81
ibm 9
gentoo 3
cloudlinux 4
photon 16
suse 4
f5 4
ubuntucve 14
oraclelinux 2
amazon 2
centos 2
redhat 2
archlinux 1
mageia 1
osv 4
prion 3
redhatcve 6
debiancve 1
cve 5
veracode 2
openvas
openvas
Ubuntu: Security Advisory for binutils (USN-4336-1)
2020-04-23 00:00:00
Ubuntu: Security Advisory for libiberty (USN-4326-1)
2020-04-09 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1074)
2020-01-23 00:00:00
ubuntu
ubuntu
GNU binutils vulnerabilities
2020-04-22 00:00:00
libiberty vulnerabilities
2020-04-08 00:00:00
GNU binutils vulnerabilities
2021-07-21 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1)
2020-04-24 00:00:00
GLSA-201908-01 : Binutils: Multiple vulnerabilities
2019-08-12 00:00:00
SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2019:2650-1)
2019-10-15 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
2020-07-23 09:47:08
Security Bulletin: Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local
2019-12-20 13:52:21
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
2022-05-31 03:16:48
gentoo
gentoo
Binutils: Multiple vulnerabilities
2019-08-03 00:00:00
Binutils: Multiple vulnerabilities
2020-07-27 00:00:00
Binutils: Multiple vulnerabilities
2021-07-10 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483
2021-12-29 15:09:05
Fix of 14 CVEs
2022-01-11 12:27:33
Fix of 36 CVEs
2021-12-27 16:08:07
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0119
2019-01-08 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0119
2019-01-08 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0022
2019-06-25 00:00:00
suse
suse
Security update for binutils (moderate)
2020-11-01 00:00:00
Security update for binutils (moderate)
2020-10-31 00:00:00
Security update for binutils (moderate)
2019-10-30 00:00:00
f5
f5
K01152385 : Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700
2018-07-23 00:00:00
K24353255 : Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607
2018-12-28 00:00:00
K38336243 : Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712
2019-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2018-17794
2018-09-30 00:00:00
CVE-2018-18484
2018-10-18 00:00:00
CVE-2018-18701
2018-10-29 00:00:00
oraclelinux
oraclelinux
binutils security and bug fix update
2019-08-13 00:00:00
binutils security, bug fix, and enhancement update
2018-11-05 00:00:00
amazon
amazon
Medium: binutils
2019-11-11 17:35:00
Low: binutils
2019-01-07 21:47:00
centos
centos
binutils security update
2019-08-30 02:35:38
binutils security update
2018-11-15 18:43:31
redhat
redhat
(RHSA-2019:2075) Moderate: binutils security and bug fix update
2019-08-06 07:58:08
(RHSA-2018:3032) Low: binutils security, bug fix, and enhancement update
2018-10-30 04:11:05
archlinux
archlinux
[ASA-201906-3] binutils: multiple issues
2019-06-04 00:00:00
mageia
mageia
Updated binutils packages fix security vulnerabilities
2020-03-06 19:13:58
osv
osv
binutils vulnerabilities
2021-07-21 13:08:04
CVE-2018-18701
2018-10-29 12:29:04
CVE-2018-19932
2018-12-07 07:29:00
prion
prion
Code injection
2018-10-04 23:29:00
Heap overflow
2018-06-23 23:29:00
Design/Logic Flaw
2018-10-29 12:29:00
redhatcve
redhatcve
CVE-2018-18701
2018-11-05 16:19:14
CVE-2018-18607
2020-03-30 08:07:22
CVE-2018-12699
2020-04-02 08:10:25
debiancve
debiancve
CVE-2018-18606
2018-10-23 17:29:00
cve
cve
CVE-2018-18484
2018-10-18 21:29:00
CVE-2018-20671
2019-01-04 16:29:00
CVE-2018-18700
2018-10-29 12:29:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:21:27
Denial Of Service (DoS)
2020-09-21 06:28:35

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

JSON
Related for CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A
openvas30ubuntu3nessus81ibm9gentoo3cloudlinux4photon16suse4f54ubuntucve14oraclelinux2amazon2centos2redhat2archlinux1mageia1osv4prion3redhatcve6debiancve1cve5veracode2