CVE-2018-13033

Published: Jul 1, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

Affected (5)

Products: Gnu: Binutils · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, Openshift Container Platform

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Binutils	Version 2.30

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (12)

http://www.securityfocus.com/bid/104584

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3032

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201908-01

Source: cve@mitre.org

https://sourceware.org/bugzilla/show_bug.cgi?id=23361

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://usn.ubuntu.com/4336-1/

Source: cve@mitre.org

http://www.securityfocus.com/bid/104584

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3032

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201908-01

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceware.org/bugzilla/show_bug.cgi?id=23361

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://usn.ubuntu.com/4336-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.