CVE-2018-7208
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-7208
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7208.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-7208
- Related
- Published
- 2018-02-18T04:29:00Z
- Modified
- 2024-10-18T00:02:01.648243Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the coffpointerizeaux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.
- References
-
- http://www.securityfocus.com/bid/103077
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2018:3032
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/bugzilla/show_bug.cgi?id=22741
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
- https://security.alpinelinux.org/vuln/CVE-2018-7208
- https://security-tracker.debian.org/tracker/CVE-2018-7208
Affected packages
Alpine:v3.7 / binutils
Package
- Name
- binutils
- Purl
- pkg:apk/alpine/binutils?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.30-r2
Affected versions
2.*
2.20.51.0.4-r1
2.20.51.0.12-r0
2.21-r0
2.21.1-r0
2.22-r0
2.22-r1
2.23-r0
2.23.1-r0
2.23.2-r0
2.23.2-r1
2.23.2-r2
2.23.2-r3
2.23.2-r4
2.23.2-r5
2.24-r0
2.24-r1
2.24-r2
2.24-r3
2.24-r4
2.24-r5
2.25-r0
2.25-r1
2.25-r2
2.25-r3
2.25.1-r0
2.26-r0
2.26.1-r0
2.27-r0
2.27-r1
2.28-r0
2.28-r1
2.28-r2
2.28-r3
2.30-r0
2.30-r1
Alpine:v3.8 / binutils
Package
- Name
- binutils
- Purl
- pkg:apk/alpine/binutils?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.30-r6
Affected versions
2.*
2.20.51.0.4-r1
2.20.51.0.12-r0
2.21-r0
2.21.1-r0
2.22-r0
2.22-r1
2.23-r0
2.23.1-r0
2.23.2-r0
2.23.2-r1
2.23.2-r2
2.23.2-r3
2.23.2-r4
2.23.2-r5
2.24-r0
2.24-r1
2.24-r2
2.24-r3
2.24-r4
2.24-r5
2.25-r0
2.25-r1
2.25-r2
2.25-r3
2.25.1-r0
2.26-r0
2.26.1-r0
2.27-r0
2.27-r1
2.28-r0
2.28-r1
2.28-r2
2.28-r3
2.30-r0
2.30-r1
2.30-r2
2.30-r3
2.30-r4
2.30-r5
Debian:11 / binutils
Package
- Name
- binutils
- Purl
- pkg:deb/debian/binutils?arch=source
Debian:12 / binutils
Package
- Name
- binutils
- Purl
- pkg:deb/debian/binutils?arch=source
Debian:13 / binutils
Package
- Name
- binutils
- Purl
- pkg:deb/debian/binutils?arch=source
Git / sourceware.org/git/binutils-gdb.git
Affected ranges
- Type
- GIT
- Repo
- https://sourceware.org/git/binutils-gdb.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected8db5daf9efe8a6174d3b10ac7bba8c178836e9ce
Affected versions
Other
binu_ss_19990502
binutils-2_30
gdb-4_18-branchpoint
gdb_5_2-branchpoint
gdb_5_3-branchpoint
gdb_6_0-branchpoint
gdb_6_1-branchpoint
gdb_6_2-branchpoint
gdb_6_3-branchpoint
gdb_6_4-branchpoint
gdb_6_5-branchpoint
gdb_6_6-branchpoint
gdb_6_7-branchpoint
gdb_6_8-branchpoint
gdb_7_0-branchpoint
gdb_7_1-branchpoint
gdb_7_2-branchpoint
gdb_7_3-branchpoint
gdb_7_4-branchpoint
gdb_7_5-branchpoint
gdb_7_6-branchpoint
readline_4_0
users/ARM/embedded-binutils-master-2016q4
users/ARM/embedded-binutils-master-2017q4
users/ARM/embedded-gdb-master-2017q4
gdb-7.*
gdb-7.10-branchpoint
gdb-7.11-branchpoint
gdb-7.12-branchpoint
gdb-7.7-branchpoint
gdb-7.8-branchpoint
gdb-7.9-branchpoint
gdb-8.*
gdb-8.0-branchpoint
gdb-8.1-branchpoint