Improper Input Validation in binutils

Do your applications use this vulnerable package? Test your applications

Overview

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.

References

ADVISORY
CONFIRM
Debian Security Tracker
Gentoo Security Advisory
OpenSuse Security Announcement
OpenSuse Security Announcement
REDHAT
RHSA Security Advisory
Security Focus

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2018-7208
CWE: CWE-20
Snyk ID: SNYK-DEBIAN9-BINUTILS-403780
Disclosed: 18 Feb, 2018
Published: 18 Feb, 2018

Improper Input Validation
Affecting binutils package, versions *

Overview

References

CVSS Score

Improper Input Validation Affecting binutils package, versions *

Overview

References

Improper Input Validation
Affecting binutils package, versions *