{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-01T00:00:00", "descriptions": [{"lang": "en", "value": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "106440", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106440"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24041"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K38336243"}, {"name": "GLSA-201908-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-01"}, {"name": "openSUSE-SU-2019:2415", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4336-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20651", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "106440", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106440"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24041", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24041"}, {"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f", "refsource": "MISC", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f"}, {"name": "https://support.f5.com/csp/article/K38336243", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K38336243"}, {"name": "GLSA-201908-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-01"}, {"name": "openSUSE-SU-2019:2415", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4336-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:05:17.829Z"}, "title": "CVE Program Container", "references": [{"name": "106440", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106440"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24041"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K38336243"}, {"name": "GLSA-201908-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-01"}, {"name": "openSUSE-SU-2019:2415", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4336-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20651", "datePublished": "2019-01-01T16:00:00", "dateReserved": "2019-01-01T00:00:00", "dateUpdated": "2024-08-05T12:05:17.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A2A091-F7E8-438C-8DE8-788A1DD5D11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld."}, {"lang": "es", "value": "Se ha descubierto una desreferencia de puntero NULL en elf_link_add_object_symbols en elflink.c en la biblioteca Binary File Descriptor (BFD) (tambi\u00e9n conocida como libbfd), tal y como se distribuye en la versi\u00f3n 2.31.1 de GNU Binutils. Esto ocurre en el caso de un ET_DYN manipulado sin cabeceras de programa. Un archivo ELF especialmente manipulado permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (DoS), tal y como queda demostrado con Id."}], "id": "CVE-2018-20651", "lastModified": "2024-11-21T04:01:56.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-01T16:29:00.343", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106440"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201908-01"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24041"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K38336243"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4336-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K38336243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4336-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service", "id": "1664703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1664703"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld."], "name": "CVE-2018-20651", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-12-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-20651\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20651"], "statement": "This vulnerability is rated as low severity because it allows an attacker to cause a denial of service through a NULL pointer dereference, this flaw would crash the application, but it does not affect system integrity or data confidentiality.\nThis issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code, which was introduced in a newer version of the package.", "threat_severity": "Low"}

{}