Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-6759


The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.


Published

2018-02-06T21:29:00.520

Last Modified

2024-11-21T04:11:08.263

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu binutils 2.30 Yes

References