What is the severity of REDHAT-BUG-1574696?

The severity of REDHAT-BUG-1574696 is classified as a medium-level vulnerability due to potential unbounded loops.

How do I fix REDHAT-BUG-1574696?

To fix REDHAT-BUG-1574696, you should update to the latest version of GNU Binutils or apply the relevant patches provided by your Linux distribution.

What software is affected by REDHAT-BUG-1574696?

REDHAT-BUG-1574696 affects the Binary File Descriptor (BFD) library as distributed in GNU Binutils 2.30.

What is the impact of REDHAT-BUG-1574696?

The impact of REDHAT-BUG-1574696 is that it may cause denial of service through the potential for an unbounded loop when processing specific inputs.

Is there a workaround for REDHAT-BUG-1574696?

Currently, the best workaround for REDHAT-BUG-1574696 is to avoid using affected versions of GNU Binutils until a fix is applied.

Vulnerability/
REDHAT-BUG-1574696

low

3/5/2018

29/9/2019

REDHAT-BUG-1574696

First published: Thu May 03 2018(Updated: )

A flaw was found in the _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. References: <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=23110">https://sourceware.org/bugzilla/show_bug.cgi?id=23110</a> Patch: <a href="https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4">https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4</a>

Affected Software	Affected Version	How to fix
Ubuntu/binutils
GNU Binutils (libbfd)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-1574696?
The severity of REDHAT-BUG-1574696 is classified as a medium-level vulnerability due to potential unbounded loops.
How do I fix REDHAT-BUG-1574696?
To fix REDHAT-BUG-1574696, you should update to the latest version of GNU Binutils or apply the relevant patches provided by your Linux distribution.
What software is affected by REDHAT-BUG-1574696?
REDHAT-BUG-1574696 affects the Binary File Descriptor (BFD) library as distributed in GNU Binutils 2.30.
What is the impact of REDHAT-BUG-1574696?
The impact of REDHAT-BUG-1574696 is that it may cause denial of service through the potential for an unbounded loop when processing specific inputs.
Is there a workaround for REDHAT-BUG-1574696?
Currently, the best workaround for REDHAT-BUG-1574696 is to avoid using affected versions of GNU Binutils until a fix is applied.

agent/type
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-10534
agent/source
agent/severity
agent/references
agent/description
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gnu
canonical/ubuntu/binutils
canonical/gnu binutils (libbfd)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.