First published: Fri Feb 02 2018(Updated: )
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.30 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6543 is a vulnerability found in GNU Binutils 2.30 that allows for an integer overflow in the function load_specific_debug_section() in objdump.c, leading to a denial of service or other unspecified impact.
CVE-2018-6543 can cause a denial of service (application crash) or possibly have other unspecified impacts on the affected system.
GNU Binutils 2.30 is affected by CVE-2018-6543.
Yes, there are fixes available for CVE-2018-6543. For Ubuntu, version 2.30-3 or later is recommended, while for Debian, versions 2.31.1-16, 2.35.2-2, 2.40-2, and 2.41-5 are recommended.
More information about CVE-2018-6543 can be found at the following references: [1] https://sourceware.org/bugzilla/show_bug.cgi?id=22769 [2] http://www.securityfocus.com/bid/102985 [3] https://security.gentoo.org/glsa/201811-17