CVE-2018-19932
Published: 7 December 2018
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
binutils Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(2.32-8ubuntu1)
|
| jammy |
Not vulnerable
(2.32-8ubuntu1)
|
|
| bionic |
Released
(2.30-21ubuntu1~18.04.3)
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(2.32-7ubuntu4)
|
|
| eoan |
Not vulnerable
(2.32-8ubuntu1)
|
|
| focal |
Not vulnerable
(2.32-8ubuntu1)
|
|
| groovy |
Not vulnerable
(2.32-8ubuntu1)
|
|
| hirsute |
Not vulnerable
(2.32-8ubuntu1)
|
|
| impish |
Not vulnerable
(2.32-8ubuntu1)
|
|
| lunar |
Not vulnerable
(2.32-8ubuntu1)
|
|
| trusty |
Needed
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.26.1-1ubuntu1~16.04.8+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| mantic |
Not vulnerable
(2.32-8ubuntu1)
|
|
|
Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |