7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Open Source Binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs.
CVEID: CVE-2018-10534 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds memory write in the _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142630> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10535 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142629> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-6323 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an unsigned integer overflow in the elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138359> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-6543 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the load_specific_debug_section() function in objdump.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138675> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7568 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by integer overflow in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139775> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7569 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer underflow or overflow in the read_attribute_value function in dwarf2.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with a corrupt DWARF FORM block, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139774> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7570 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139773> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7642 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by aout_32_swap_std_reloc_out NULL pointer dereference in the swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139810> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7643 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the display_debug_ranges function in dwarf.c. By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139809> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10372 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by heap-based buffer over-read in process_cu_tu_index in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142399> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10373 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142402> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-17080 **DESCRIPTION: *GNU Binutils is vulnerable to a denial of service, caused by the bfd_getl32 heap-based buffer over-read in the elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/135756> for more information
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-16832 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the pe_bfd_read_buildid function in peicode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134961> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16831 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the coff_get_normalized_symtab function in coffgen.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134960> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16830 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the print_gnu_property_note function in readelf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134959> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16829 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds read in the _bfd_elf_parse_gnu_properties function in elf-properties.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134958> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16828 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow and heap-based buffer over-read flaw in the display_debug_frames function in dwarf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134957> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16827 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a slurp_symtab invalid free flaw in the aout_get_external_symbols function in aoutx.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134956> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16826 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access flaw in the coff_slurp_line_table function in coffcode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134953> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
IBM Netezza Analytics 1.2.4, 2.0-2.3, 3.0-3.0.2, 3.2-3.2.6, 3.3-3.3.3
Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Netezza Analytics | 3.3.4 | Link to Fix Central |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm puredata system | eq | any |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P