Veracode Vulnerability DatabaseVERACODE:26952Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
binutils:bionic is vulnerable to denail of service (DoS). A flaw in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd) results in a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
| CPE | Name | Operator | Version |
|---|---|---|---|
| binutils:bionic | eq | 2.30-15ubuntu1 | |
| binutils:bionic | eq | 2.30-15ubuntu1 |
References
lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
www.securityfocus.com/bid/105754
deb.freexian.com/extended-lts/tracker/CVE-2018-18606
security.netapp.com/advisory/ntap-20190307-0003/
sourceware.org/bugzilla/show_bug.cgi?id=23806
sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P