Bug 647798 - <sys-devel/binutils-2.30-r2: multiple vulnerabilities (CVE-2018-{6543,6759,6872})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7643, CVE-2018-8945 binutils-2.30-stable
Reported: 2018-02-16 00:41 UTC by GLSAMaker/CVETool Bot
Modified: 2018-11-27 02:02 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-16 00:41:52 UTC
CVE-2018-6872 (https://nvd.nist.gov/vuln/detail/CVE-2018-6872):
  The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD)
  library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
  attackers to cause a denial of service (out-of-bounds read and segmentation
  violation) via a note with a large alignment.

CVE-2018-6759 (https://nvd.nist.gov/vuln/detail/CVE-2018-6759):
  The bfd_get_debug_link_info_1 function in opncls.c in the Binary File
  Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
  has an unchecked strnlen operation. Remote attackers could leverage this
  vulnerability to cause a denial of service (segmentation fault) via a
  crafted ELF file.

CVE-2018-6543 (https://nvd.nist.gov/vuln/detail/CVE-2018-6543):
  In GNU Binutils 2.30, there's an integer overflow in the function
  load_specific_debug_section() in objdump.c, which results in `malloc()` with
  0 size. A crafted ELF file allows remote attackers to cause a denial of
  service (application crash) or possibly have unspecified other impact.
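
The bug class described for CVE-2018-6543, as an added example that is not part of the original report and is not the binutils source: a length taken from an untrusted file wraps to zero when it is adjusted before allocation, next to a loader that validates it first. The struct `sec_hdr`, the function names and the `+ 1` adjustment are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a section header parsed from an untrusted file. */
struct sec_hdr {
    size_t size;     /* length field taken from the file (attacker-controlled) */
    size_t file_len; /* actual number of bytes available in the file */
};

/* Unchecked pattern: the "+ 1" for a terminator wraps to 0 at SIZE_MAX. */
size_t alloc_len_unchecked(const struct sec_hdr *h)
{
    return h->size + 1;
}

/* Checked pattern: reject lengths that wrap or exceed the file. */
int alloc_len_checked(const struct sec_hdr *h, size_t *out)
{
    if (h->size == 0 || h->size > h->file_len)
        return -1;              /* empty, or more data than the file holds */
    if (h->size > SIZE_MAX - 1)
        return -1;              /* size + 1 would wrap */
    *out = h->size + 1;
    return 0;
}

/* Copy a section out of `file` only after its length has been validated. */
unsigned char *load_section(const struct sec_hdr *h, const unsigned char *file)
{
    size_t n;
    if (alloc_len_checked(h, &n) != 0)
        return NULL;
    unsigned char *p = malloc(n);
    if (p == NULL)
        return NULL;
    memcpy(p, file, h->size);
    p[h->size] = '\0';
    return p;
}

int main(void)
{
    struct sec_hdr bad = { SIZE_MAX, 64 };  /* constructed hostile header */
    printf("unchecked request: %zu bytes\n", alloc_len_unchecked(&bad));
    printf("checked loader: %s\n", load_section(&bad, NULL) ? "loaded" : "rejected");
    return 0;
}
```

Comparing the claimed length against the real file size catches the hostile header before the wrap check is even reached; the explicit `SIZE_MAX - 1` test covers the case where the file size itself is not a useful bound.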
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2018-04-29 19:02:19 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-6872 (https://nvd.nist.gov/vuln/detail/CVE-2018-6872):
>   The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD)
>   library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
>   attackers to cause a denial of service (out-of-bounds read and segmentation
>   violation) via a note with a large alignment.

Fix queued for binutils 2.30 patchset 2 (from upstream 2.30 branch)

> CVE-2018-6759 (https://nvd.nist.gov/vuln/detail/CVE-2018-6759):
>   The bfd_get_debug_link_info_1 function in opncls.c in the Binary File
>   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
>   has an unchecked strnlen operation. Remote attackers could leverage this
>   vulnerability to cause a denial of service (segmentation fault) via a
>   crafted ELF file.

Fix queued for binutils 2.30 patchset 2 (cherry-picked from upstream master)

> CVE-2018-6543 (https://nvd.nist.gov/vuln/detail/CVE-2018-6543):
>   In GNU Binutils 2.30, there's an integer overflow in the function
>   load_specific_debug_section() in objdump.c, which results in `malloc()` with
>   0 size. A crafted ELF file allows remote attackers to cause a denial of
>   service (application crash) or possibly have unspecified other impact.

Fix queued for binutils 2.30 patchset 2 (cherry-picked from upstream master)
Comment 2 Larry the Git Cow gentoo-dev 2018-04-29 20:08:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c7fe7564dc60dd6caa3afd787728acb43fc7abe

commit 8c7fe7564dc60dd6caa3afd787728acb43fc7abe
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-04-29 20:07:56 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-04-29 20:08:06 +0000

    sys-devel/binutils: Revision bump (no keywords), 2.30 patchset 2
    
    Bug: https://bugs.gentoo.org/502492
    Bug: https://bugs.gentoo.org/647798
    Bug: https://bugs.gentoo.org/647296
    Bug: https://bugs.gentoo.org/649690
    Bug: https://bugs.gentoo.org/651576
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 sys-devel/binutils/Manifest                |   1 +
 sys-devel/binutils/binutils-2.30-r2.ebuild | 417 +++++++++++++++++++++++++++++
 2 files changed, 418 insertions(+)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-11-27 02:02:07 UTC
This issue was resolved and addressed in
 GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17
by GLSA coordinator Aaron Bauman (b-man).