First published: Fri Dec 07 2018
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | <=2.31 | |
Netapp Vasa Provider | >=7.2 | |
Netapp Cluster Data Ontap | | |
All of | | |
Netapp Vasa Provider | >=7.2 | |
Netapp Cluster Data Ontap | | |
debian/binutils | | 2.35.2-2, 2.40-2, 2.43.1-5 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7
CVE-2018-19932 is a vulnerability in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils.
The vulnerability in CVE-2018-19932 occurs due to an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
The affected software versions include binutils 2.30-21ubuntu1~18.04.3, binutils 2.26.1-1ubuntu1~16.04.8+, and binutils up to version 2.31.1-16.
To fix CVE-2018-19932, it is recommended to update binutils to version 2.30-21ubuntu1~18.04.3 (for Ubuntu 18.04), binutils to version 2.26.1-1ubuntu1~16.04.8+ (for Ubuntu 16.04), or binutils to version 2.35.2-2, 2.40-2, or 2.41-5 (for Debian).
You can find more information about CVE-2018-19932 at the following references: [1] https://sourceware.org/bugzilla/show_bug.cgi?id=23932, [2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7, [3] http://www.securityfocus.com/bid/106144.