CVE-2018-20671

{"id": "CVE-2018-20671", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-01-04T16:29:00.243", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/106457", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24005", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11fa9f134fd658075c6f74499c780df045d9e9ca", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4336-1/", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/106457", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24005", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11fa9f134fd658075c6f74499c780df045d9e9ca", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4336-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size."}, {"lang": "es", "value": "load_specific_debug_section en objdump.c en GNU Binutils hasta la versi\u00f3n 2.31.1 contiene una vulnerabilidad de desbordamiento de enteros que puede provocar un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) mediante un tama\u00f1o de secci\u00f3n manipulado."}], "lastModified": "2024-11-21T04:01:57.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FAC5DF3-E11F-4156-9E4D-BEB959C97258", "versionEndIncluding": "2.31.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}