{ "threat_severity" : "Low", "public_date" : "2018-02-26T00:00:00Z", "bugzilla" : { "description" : "binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library", "id" : "1551778", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1551778" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-190", "details" : [ "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", "An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2018-10-30T00:00:00Z", "advisory" : "RHSA-2018:3032", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "binutils-0:2.27-34.base.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "binutils", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "binutils220", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "binutils", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "binutils", "cpe" : "cpe:/o:redhat:enterprise_linux:8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-7569\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7569" ], "name" : "CVE-2018-7569", "csaw" : false }