Integer Overflow or Wraparound in binutils

Do your applications use this vulnerable package? Test your applications

Overview

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

References

Debian Security Tracker
MISC
MISC
OpenSuse Security Announcement
OpenSuse Security Announcement
Security Focus
UBUNTU
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2018-18483
CWE: CWE-190
Snyk ID: SNYK-DEBIAN8-BINUTILS-404148
Disclosed: 18 Oct, 2018
Published: 18 Oct, 2018

Integer Overflow or Wraparound
Affecting binutils package, versions *

Overview

References

CVSS Score

Integer Overflow or Wraparound Affecting binutils package, versions *

Overview

References

Integer Overflow or Wraparound
Affecting binutils package, versions *