CVE-2018-6759

EPSS 0.24%
Veröffentlicht 06.02.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 04:11:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Binutils Version2.30

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.466

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201811-17

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

http://www.securityfocus.com/bid/103030

Third Party Advisory

VDB Entry

https://sourceware.org/bugzilla/show_bug.cgi?id=22794

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-6759

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6759

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6759

EUVD