CVE-2018-6759

MEDIUM5.5EPSS 0.18%

發布日:2018/2/6修改日:2025/11/19

也稱為:ALPINE-CVE-2018-6759DEBIAN-CVE-2018-6759

描述

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

受影響套件(2)

Alpine/binutilsfrom 0, < 2.30-r2
Debian/binutilsfrom 0, < 2.30-3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-6759
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-6759