CVE-2018-12699 - finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-base

CVE-2018-12699

Summary

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

References

Vulnerable Configurations

cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-08-2019 - 13:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	104540
gentoo	GLSA-201908-01
misc	https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 https://sourceware.org/bugzilla/show_bug.cgi?id=23057
ubuntu	USN-4336-1

Last major update

03-08-2019 - 13:15

Published

23-06-2018 - 23:29

Last modified

03-08-2019 - 13:15