First published: Sat Jun 23 2018
A flaw was found in GNU libiberty, as distributed in GNU Binutils 2.30. A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c. References: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454, https://sourceware.org/bugzilla/show_bug.cgi?id=23057
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.30 | |
Canonical Ubuntu Linux | =16.04.4 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.1-5 |
The vulnerability ID is CVE-2018-12697.
The severity of CVE-2018-12697 is low.
The software affected by CVE-2018-12697 is GNU Binutils 2.30, libiberty version 20170913-1ubuntu0.1, libiberty version 20190122-1, libiberty version 20160215-1ubuntu0.3, binutils version 2.26.1-1ubuntu1~16.04.8+, binutils version 2.30-21ubuntu1~18.04.3, binutils version 2.32.51.20190707-1, and binutils version 2.35.2-2, 2.40-2, and 2.41-5.
To fix CVE-2018-12697, update GNU Binutils to version 2.32.51.20190707-1 or later, or update libiberty to version 20170913-1ubuntu0.1, 20190122-1, or 20160215-1ubuntu0.3.
You can find more information about CVE-2018-12697 at the following references: [URL 1](https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102), [URL 2](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454), [URL 3](https://sourceware.org/bugzilla/show_bug.cgi?id=23057).