Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-6872

Опубликовано: 05 фев. 2018
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

Отчет

The prerequisites for successful exploitation of this bug involves both independent filesystem access as well as the victim to interact with the file created.

  • An attacker needs to create a file (such as an ELF file) containing a note section with a large alignment value designed to trigger the out-of-bounds read in the elf_parse_notes function.
  • The attacker must convince a user to process the malicious file using a tool that utilizes the vulnerable libbfd library, such as objdump or readelf. Considering the high bar of prerequites for successful exploitation, RH ProdSec has set the Impact of this vulnerability to "Low"

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5binutilsWill not fix
Red Hat Enterprise Linux 5binutils220Will not fix
Red Hat Enterprise Linux 6binutilsWill not fix
Red Hat Enterprise Linux 7binutilsWill not fix
Red Hat Enterprise Linux 8binutilsWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1543969binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library

EPSS

Процентиль: 42%
0.00198
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-6872

CVSS3: 5.5
ubuntu
почти 8 лет назад

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

nvd логотип

CVE-2018-6872

CVSS3: 5.5
nvd
почти 8 лет назад

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

debian логотип

CVE-2018-6872

CVSS3: 5.5
debian
почти 8 лет назад

The elf_parse_notes function in elf.c in the Binary File Descriptor (B ...

github логотип

GHSA-f82r-gxmc-7677

CVSS3: 5.5
github
больше 3 лет назад

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

fstec логотип

BDU:2019-00575

CVSS3: 5.5
fstec
больше 7 лет назад

Уязвимость функции elf_parse_notes программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 42%
0.00198
Низкий

3.3 Low

CVSS3