CVE-2018-10373: Null Pointer Dereference
First published: Wed Apr 25 2018(Updated: )
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | =2.30 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| debian/binutils | 2.35.2-2 2.40-2 2.43.1-5 |
Remedy
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6327533b1fd29fa86f6bf34e61c332c010e3c689
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/104000
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2018:3032
- https://security.gentoo.org/glsa/201908-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=23065
- https://usn.ubuntu.com/4336-1/
- https://launchpad.net/bugs/cve/CVE-2018-10373
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6327533b1fd29fa86f6bf34e61c332c010e3c689
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1573368
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1573366
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1573369
- https://bugzilla.redhat.com/show_bug.cgi?id=1573365
- https://security-tracker.debian.org/tracker/CVE-2018-10373
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373
- https://nvd.nist.gov/vuln/detail/CVE-2018-10373
- https://ubuntu.com/security/CVE-2018-10373
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-10373.
What is the title of the vulnerability?
The title of the vulnerability is 'concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd)'.
What is the severity level of CVE-2018-10373?
The severity level of CVE-2018-10373 is low.
What is the affected software?
The affected software is the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.30.
How can an attacker exploit CVE-2018-10373?
An attacker can exploit CVE-2018-10373 by sending a crafted binary file, which can cause a denial of service (NULL pointer dereference and application crash).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10373
- agent/author
- agent/severity
- agent/remedy
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/weakness
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/last-modified-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/gnu
- canonical/gnu binutils
- version/gnu binutils/2.30
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- package-manager/debian