First published: Wed Apr 25 2018
GNU Binutils through version 2.30 has a heap-based buffer over-read in dwarf.c:process_cu_tu_index(). An attacker could exploit this to crash the readelf application by supplying a crafted binary file for it to parse.

Upstream Issue: https://sourceware.org/bugzilla/show_bug.cgi?id=23064
Upstream Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d

Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | =2.30 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| debian/binutils | 2.35.2-2, 2.40-2, 2.43.1-5 | |
CVE-2018-10372 is a vulnerability in GNU Binutils 2.30 that allows remote attackers to cause a denial of service through a crafted binary file.
CVE-2018-10372 can be exploited by getting the affected readelf to process a specially crafted binary file.
CVE-2018-10372 has a low severity level.
GNU Binutils 2.30 is affected by CVE-2018-10372.
The remedy for CVE-2018-10372 is to upgrade to binutils version 2.30.90.20180627-1 or higher.