CVE-2018-10372

Published: Apr 25, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

Affected (4)

Products: Gnu: Binutils · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation

Gnu

1 product

Binutils

Redhat

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Binutils	Version 2.30

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (12)

http://www.securityfocus.com/bid/103976

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3032

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201908-01

Source: cve@mitre.org

https://sourceware.org/bugzilla/show_bug.cgi?id=23064

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://usn.ubuntu.com/4336-1/

Source: cve@mitre.org

http://www.securityfocus.com/bid/103976