First published: Tue Jan 01 2019(Updated: )
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.31.1 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-20651.
The severity of CVE-2018-20651 is not provided.
CVE-2018-20651 occurs due to a NULL pointer dereference in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library.
A specially crafted ELF file can allow remote attackers to cause a NULL pointer dereference, resulting in a denial of service.
To fix CVE-2018-20651, update the affected software to the recommended versions or apply the provided remedies.