CVE-2018-18606

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Configurations

Configuration 1

cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*

Information

Published : 2018-10-23 05:29

Updated : 2019-10-31 01:15


NVD link : CVE-2018-18606

Mitre link : CVE-2018-18606

Products Affected
No products.
CWE