{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-12-19T00:00:00", "datePublic": "2018-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f"}, {"name": "106304", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106304"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23994"}, {"name": "RHSA-2019:2075", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2075"}, {"name": "openSUSE-SU-2019:2415", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4336-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-12-19T20:52:45.262881", "DATE_REQUESTED": "2018-12-17T03:18:24", "ID": "CVE-2018-1000876", "REQUESTER": "yanshb@gmail.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f", "refsource": "MISC", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f"}, {"name": "106304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106304"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23994"}, {"name": "RHSA-2019:2075", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2075"}, {"name": "openSUSE-SU-2019:2415", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4336-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:47:57.189Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f"}, {"name": "106304", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106304"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23994"}, {"name": "RHSA-2019:2075", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2075"}, {"name": "openSUSE-SU-2019:2415", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4336-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000876", "datePublished": "2018-12-20T17:00:00", "dateReserved": "2018-12-17T00:00:00", "dateUpdated": "2024-08-05T12:47:57.189Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "28CC79FD-6BF9-4B39-970C-C509C931C6C1", "versionEndExcluding": "2.32", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f."}, {"lang": "es", "value": "binutils, en versiones 2.32 y anteriores, contiene una vulnerabilidad de desbordamiento de enteros en objdump, bfd_get_dynamic_reloc_upper_bound y bfd_canonicalize_dynamic_reloc que puede resultar en un desbordamiento de enteros que desencadena un desbordamiento de memoria din\u00e1mica (heap). Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Este ataque parece ser explotable localmente. La vulnerabilidad parece haber sido solucionada tras el commit con ID 3a551c7a1b80fca579461774860574eabfd7f18f."}], "id": "CVE-2018-1000876", "lastModified": "2024-11-21T03:40:33.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-20T17:29:01.033", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/106304"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2075"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23994"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4336-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/106304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4336-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-35/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:2075", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "binutils-0:2.27-41.base.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}], "bugzilla": {"description": "binutils: integer overflow leads to heap-based buffer overflow in objdump", "id": "1664699", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1664699"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f."], "name": "CVE-2018-1000876", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000876\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000876"], "statement": "The issue is classified as moderate severity primarily because of the unlikelihood of running a 32bit compiled objdump and/or having a compiled binary that uses 32bit compiled binutils libraries to analyze binaries from a not trusted source. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-190: Integer Overflow leading to a CWE-122: Heap-based Buffer Overflow vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and enforced through least privilege, ensuring only authorized users can execute or modify code. Red Hat also applies least functionality, enabling only essential features, services, and ports to reduce the attack surface for heap-based buffer overflow exploits. The environment uses IPS/IDS and antimalware solutions to detect and respond to threats in real time, helping prevent or limit exploitation attempts. Static code analysis and peer reviews ensure all user inputs are thoroughly validated, reducing the risk of system instability, data exposure, or privilege escalation. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against buffer overflows and denial-of-service attacks.", "threat_severity": "Moderate"}

{}