GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability

GNU Binutils is prone to a heap-based buffer-overflow vulnerability.

Attackers can exploit this issue to cause denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
GNU Binutils 2.30 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 104540
Class: Boundary Condition Error
CVE: CVE-2018-12699

Remote: Yes
Local: No
Published: Jun 23 2018 12:00AM
Updated: Jun 23 2018 12:00AM
Credit: Sergej Schumilo, Cornelius Aschermann, Ruhr-Universität Bochum
Vulnerable: GNU Binutils 2.30

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• GCC Home Page (GNU)
  
• Bug 23057 - Multiple memory corruptions in objdump (binuitils-2.30-15ubuntu1) (Sourceware)
  
• Bug 85454 - Multiple memory corruptions in objdump / C++ name demangler (GNU)
  

Source: www.securityfocus.com