← back
CVE-2018-6323

CVE-2018-6323

EPSS 5.9%
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44035/unverifiedexploitdbwww.exploit-db.com/exploits/44035unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.htmlhttps://sourceware.org/bugzilla/show_bug.cgi?id=22746https://www.exploit-db.com/exploits/44035/http://www.securityfocus.com/bid/102821