GNU Binutils Integer Overflow and Heap Based Buffer Overflow Vulnerabilities



GNU Binutils is prone to the following security vulnerabilities:

1. A heap-based overflow vulnerability
2. An integer-overflow vulnerability

An attacker can exploit these issues to cause a denial-of-service condition. Due to the nature of these issues, code execution may be possible, but this has not been confirmed.

Information

Bugtraq ID: 106144
Class: Boundary Condition Error
CVE: CVE-2018-19931, CVE-2018-19932

Remote: Yes
Local: No
Published: Dec 07 2018 12:00AM
Updated: Dec 07 2018 12:00AM
Credit: Dongdong She
Vulnerable:
GNU Binutils 2.29.1
GNU Binutils 2.16.1
GNU Binutils 2.15
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
GNU Binutils 2.14
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU Binutils 2.12
GNU Binutils 2.11
GNU Binutils 2.31
GNU Binutils 2.30
GNU Binutils 2.29
GNU Binutils 2.28
GNU Binutils 2.16.91.0.2
GNU Binutils 2.15.94.0.2.2
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
GNU Binutils 2.15.92.0.2
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
GNU Binutils 2.14.90.0.7
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

