CVE-2018-6759

Source
https://cve.org/CVERecord?id=CVE-2018-6759
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6759.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-6759
Downstream
Related
Published
2018-02-06T21:29:00.520Z
Modified
2026-07-08T20:04:51.883826Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The bfdgetdebuglinkinfo_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

References

Affected packages

Git / sourceware.org/git/binutils-gdb.git

Affected ranges

Type
GIT
Repo
https://sourceware.org/git/binutils-gdb.git
Events
Introduced
8db5daf9efe8a6174d3b10ac7bba8c178836e9ce
Last affected
8db5daf9efe8a6174d3b10ac7bba8c178836e9ce
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.30"
        },
        {
            "last_affected": "2.30"
        }
    ]
}

Affected versions

2.*
2.30
Other
binutils-2_30

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6759.json"