Vulnerability Name: | CVE-2018-20673 (CCN-155168)
Assigned: | 2018-12-27
Published: | 2018-12-27
Updated: | 2020-08-24
Summary: | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
4.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Vulnerability Type: | CWE-787 CWE-190 CWE-122
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2018-20673
Source: BID Type: Third Party Advisory, VDB Entry 106454
Source: XF Type: UNKNOWN gnubinutils-cve201820673-bo(155168)
Source: CCN Type: Sourceware Bugzilla Bug 24039 integer overflow in libiberty, heap overflow will be triggered
Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://sourceware.org/bugzilla/show_bug.cgi?id=24039
Source: CCN Type: GNU Web site GNU Binutils
Source: CCN Type: IBM Security Bulletin 1143448 (Watson Studio Local) Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local
Source: CCN Type: IBM Security Bulletin 6252337 (Netezza Platform Software) Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
Source: CCN Type: IBM Security Bulletin 6445777 (Netezza Performance Server) Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
Source: CCN Type: IBM Security Bulletin 6453339 (Netezza Analytics for NPS) Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS
Source: CCN Type: IBM Security Bulletin 6856409 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: Denotes that component is vulnerable