CVE-2018-20673

Отчет

This issue did not affect the versions of gdb as shipped with Red Hat Enterprise Linux 7 and with Red Hat Developer Toolset 7 and 8 as they are compiled only for 64bit architectures, where the flaw is not present. This vulnerability has been rated as Low severity for Red Hat Enterprise Linux 8, as the circumstances to exploit are particularly unlikely. A crafted binary file must be passed to one of the affected tools, in a 32-bit environment, and in a scenario where the corrupted file comes from an untrusted source. In 64 bit environments, exploitation is not possible. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-190: Integer Overflow leading to a CWE-122: Heap-based Buffer Overflow vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low. Access to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and enforced through least privilege, ensuring only authorized users can execute or modify code. Red Hat also applies least functionality, enabling only essential features, services, and ports to reduce the attack surface for heap-based buffer overflow exploits. The environment uses IPS/IDS and antimalware solutions to detect and respond to threats in real time, helping prevent or limit exploitation attempts. Static code analysis and peer reviews ensure all user inputs are thoroughly validated, reducing the risk of system instability, data exposure, or privilege escalation. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against buffer overflows and denial-of-service attacks.