First published: Sun Sep 23 2018
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.31.1 | |
debian/binutils | 2.35.2-2, 2.40-2, 2.43.1-5 | |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
CVE-2018-17359 is a vulnerability in the Binary File Descriptor (BFD) library, also known as libbfd.
CVE-2018-17359 affects GNU Binutils version 2.31, specifically the Binary File Descriptor (BFD) library (libbfd).
CVE-2018-17359 allows attackers to cause a denial of service (application crash) by exploiting an invalid memory access in bfd_zalloc in opncls.c.
To fix CVE-2018-17359, update to a version of binutils that includes the necessary fixes, such as version 2.30-21ubuntu1~18.04.3 for Ubuntu or versions 2.35.2-2, 2.40-2, or 2.41-5 for Debian.
You can find more information about CVE-2018-17359 at the following references:
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=23686
[2] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
[3] http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html