First published: Sun Feb 18 2018
In GNU Binutils through version 2.30, the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd) does not properly validate an index, allowing an attacker to cause a denial of service via a crash (segmentation fault) when a crafted COFF file is parsed.
Upstream Issue: https://sourceware.org/bugzilla/show_bug.cgi?id=22741
Upstream Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.30 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
redhat/binutils | <2.31 | 2.31 |
debian/binutils | 2.35.2-2 2.40-2 2.43.1-5 |
The vulnerability ID is CVE-2018-7208.
The severity of CVE-2018-7208 is low.
CVE-2018-7208 can cause a denial of service (segmentation fault) or possibly have unspecified other impact.
Binutils versions 2.26.1-1ubuntu1~16.04.8+ and 2.30-6 are affected by CVE-2018-7208.
To fix CVE-2018-7208, update the binutils package to version 2.31 or higher.