GNU Binutils is prone to following security vulnerabilities:
1. A heap-based overflow vulnerability
2. An integer-overflow vulnerability
An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
Information
CVE-2018-19932
GNU Binutils 2.16.1
GNU Binutils 2.15
GNU Binutils 2.14
GNU Binutils 2.12
GNU Binutils 2.11
GNU Binutils 2.31
GNU Binutils 2.30
GNU Binutils 2.29
GNU Binutils 2.28
GNU Binutils 2.16.91.0.2
GNU Binutils 2.15.94.0.2.2
GNU Binutils 2.15.92.0.2
GNU Binutils 2.14.90.0.7
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Fix a memory exhaustion bug when attempting to allocate room for an impossible n (sourceware.org)
- GNU Homepage (GNU)
- Remove an abort in the bfd library and add a check for an integer overflow when (sourceware.org)
- Bug 23932 - integer overflow causes an endless loop (sourceware.org)
- Heap overflow bug in bfd_elf32_swap_phdr_in (sourceware.org)