CVE-2018-6759

Priority
Description
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File
Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
has an unchecked strnlen operation. Remote attackers could leverage this
vulnerability to cause a denial of service (segmentation fault) via a
crafted ELF file.
Notes
Package
Upstream: released (2.31)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.30-15ubuntu1)
Ubuntu 19.04 (Disco Dingo): not-affected (2.31.1-6ubuntu1)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.31.1-6ubuntu1)
Ubuntu 20.04 (Focal Fossa): not-affected (2.31.1-6ubuntu1)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=64e234d417d5685a4aec0edc618114d9991c031b
More Information

Updated: 2019-12-05 19:57:29 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)