GNU Binutils CVE-2018-20623 Heap Based Buffer Overflow Vulnerability

GNU Binutils is prone to a heap-based buffer-overflow vulnerability.

Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
GNU Binutils 2.31.1 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 106370
Class: Boundary Condition Error
CVE: CVE-2018-20623

Remote: Yes
Local: No
Published: Dec 31 2018 12:00AM
Updated: Dec 31 2018 12:00AM
Credit: zerokeeper
Vulnerable: GNU Binutils 2.31.1

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

GCC Home Page (GNU)
Bug 24049 - heap-use-after-free in readelf ()

Source: www.securityfocus.com

Exploit Collector

Search Exploit