Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000876


binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.


Published

2018-12-20T17:29:01.033

Last Modified

2024-11-21T03:40:33.533

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-190
    CWE-787

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu binutils < 2.32 Yes
Operating System canonical ubuntu_linux 18.04 Yes
Operating System redhat enterprise_linux_desktop 7.0 Yes
Operating System redhat enterprise_linux_server 7.0 Yes
Operating System redhat enterprise_linux_workstation 7.0 Yes

References