Your submission was sent successfully! Close

CVE-2018-20651

Published: 1 January 2019

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
bionic
Released (2.30-21ubuntu1~18.04.3)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(2.32-7ubuntu4)
eoan Not vulnerable
(2.32-8ubuntu1)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f