CVE-2018-7569 : dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribute

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

Published 2018-02-28 21:29:00

Updated 2019-10-31 01:15:16

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2018-7569

Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
GNU » Binutils » Version: 2.30
cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-7569

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-7569

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-7569

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-7569

https://access.redhat.com/errata/RHBA-2019:0327

RHBA-2019:0327 - Bug Fix Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

[security-announce] openSUSE-SU-2019:2415-1: moderate: Security update f

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:3032

RHSA-2018:3032 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201811-17

Binutils: Multiple vulnerabilities (GLSA 201811-17) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://sourceware.org/bugzilla/show_bug.cgi?id=22895

22895 – integer overflow in read_attribute_value
Exploit;Issue Tracking;Patch;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

[security-announce] openSUSE-SU-2019:2432-1: moderate: Security update f

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-7569

Products affected by CVE-2018-7569

Exploit prediction scoring system (EPSS) score for CVE-2018-7569

CVSS scores for CVE-2018-7569

CWE ids for CVE-2018-7569

References for CVE-2018-7569