CVE-2018-7568

CVE-2018-7568

Name

CVE-2018-7568

Description

The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://sourceware.org/bugzilla/show_bug.cgi?id=22894
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3032
Third Party Advisory	https://security.gentoo.org/glsa/201811-17
Third Party Advisory	https://access.redhat.com/errata/RHBA-2019:0327
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

Type

URI

Exploit

https://sourceware.org/bugzilla/show_bug.cgi?id=22894

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3032

Third Party Advisory

https://security.gentoo.org/glsa/201811-17

Third Party Advisory

https://access.redhat.com/errata/RHBA-2019:0327

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html