exploitDog

CVE-2018-18483

Published: 17 Jan. 2017
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Report

This vulnerability is rated as moderate because an integer overflow in the get_count function in cplus-dem.c can lead to a denial of service or potentially other unintended behavior; achieving successful exploitation is not straightforward and depends on the specific conditions for crafting input that could trigger memory corruption.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Will not fix | | |
| Red Hat Enterprise Linux 5 | binutils220 | Not affected | | |
| Red Hat Enterprise Linux 6 | binutils | Will not fix | | |
| Red Hat Enterprise Linux 7 | binutils | Will not fix | | |
| Red Hat Enterprise Linux 8 | binutils | Will not fix | | |
| Red Hat Enterprise Linux 8 | mingw-binutils | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-190->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1645957 (binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service)

EPSS

Percentile: 48%
0.00252
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 7 years ago

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

CVSS3: 7.8
nvd
more than 7 years ago

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

CVSS3: 7.8
debian
more than 7 years ago

The get_count function in cplus-dem.c in GNU libiberty, as distributed ...

CVSS3: 7.8
github
more than 3 years ago

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

CVSS3: 6.1
fstec
more than 7 years ago

Vulnerability in the get_count function of the GNU Binutils software development tool that allows an attacker to cause a denial of service
