binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html | Broken Link |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html | Broken Link |
http://www.securityfocus.com/bid/106304 | Broken Link |
https://access.redhat.com/errata/RHSA-2019:2075 | Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=23994 | Exploit Issue Tracking Third Party Advisory |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f | |
https://usn.ubuntu.com/4336-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
28 Feb 2023, 20:43
Type | Values Removed | Values Added |
---|---|---|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html - Broken Link | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2075 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4336-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/106304 - Broken Link | |
CPE | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
Information
Published : 2018-12-20 17:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-1000876
Mitre link : CVE-2018-1000876
CVE.ORG link : CVE-2018-1000876
JSON object : View
Products Affected
gnu
- binutils
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
canonical
- ubuntu_linux