First published: Wed Feb 28 2018
A flaw was found in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils up to version 2.30, when compiled in 32-bit mode. This vulnerability allows attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupted dwarf1 debug information.

References: https://sourceware.org/bugzilla/show_bug.cgi?id=22894
Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | =2.30 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| debian/binutils | 2.35.2-2, 2.40-2, 2.43.1-5 | |
CVE-2018-7568 is a vulnerability in the Binary File Descriptor (BFD) library (aka libbfd) that allows remote attackers to cause a denial of service via an ELF file with corrupt dwarf1 debug information.
CVE-2018-7568 can lead to a denial of service (integer overflow and application crash) if an attacker exploits the vulnerability using a malicious ELF file.
The affected versions of binutils include 2.26.1-1ubuntu1~16.04.8+ and 2.30-6.
To fix CVE-2018-7568, update to binutils version 2.31.1-16, 2.35.2-2, 2.40-2, or 2.41-5, depending on your operating system.
CVE-2018-7568 has a low severity with a CVSS score of 4.3.