First published: Sun Sep 23 2018(Updated: )
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.31.1 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-17358 is a vulnerability in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.31 that can cause a denial of service (application crash) via an invalid memory access in _bfd_stab_section_find_nearest_line in syms.c.
Attackers can leverage CVE-2018-17358 to cause a denial of service (application crash).
The affected software includes binutils versions 2.30-21ubuntu1~18.04.3, 2.26.1-1ubuntu1~16.04.8+, and some versions of binutils in Debian (2.31.1-16, 2.35.2-2, 2.40-2, and 2.41-5).
Update the binutils package to version 2.30-21ubuntu1~18.04.3 for Ubuntu 18.04 (Bionic) or version 2.26.1-1ubuntu1~16.04.8+ for Ubuntu 16.04 (Xenial).
Update the binutils package to version 2.31.1-16, 2.35.2-2, 2.40-2, or 2.41-5 for Debian.