CVE-2018-18606 - Vulnerability Details - OpenCVE

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Gnu	Binutils
Netapp	Data Ontap

Configuration 1 [-]

cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
http://www.securityfocus.com/bid/105754
https://nvd.nist.gov/vuln/detail/CVE-2018-18606
https://security.netapp.com/advisory/ntap-20190307-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23806
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc
https://usn.ubuntu.com/4336-1/
https://www.cve.org/CVERecord?id=CVE-2018-18606

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00718}`	epss `{'score': 0.00558}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-23T17:00:00

Updated: 2024-08-05T11:15:59.847Z

Reserved: 2018-10-23T00:00:00

Link: CVE-2018-18606

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-23T17:29:00.517

Modified: 2024-11-21T03:56:14.227

Link: CVE-2018-18606

Redhat

Severity : Low

Publid Date: 2018-10-21T00:00:00Z

Links: CVE-2018-18606 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "105754", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105754"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190307-0003/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23806"}, {"name": "openSUSE-SU-2019:2415", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4336-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2018-18606", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "105754", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105754"}, {"name": "https://security.netapp.com/advisory/ntap-20190307-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190307-0003/"}, {"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc", "refsource": "MISC", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23806"}, {"name": "openSUSE-SU-2019:2415", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4336-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:15:59.847Z"}, "title": "CVE Program Container", "references": [{"name": "105754", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105754"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190307-0003/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23806"}, {"name": "openSUSE-SU-2019:2415", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"name": "openSUSE-SU-2019:2432", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"name": "USN-4336-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4336-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18606", "datePublished": "2018-10-23T17:00:00", "dateReserved": "2018-10-23T00:00:00", "dateUpdated": "2024-08-05T11:15:59.847Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "CE48E8C1-83EE-4E3E-BD7E-0E9F6A2F9623", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "9541A13B-D135-4DB7-B209-19A51217E55C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld."}, {"lang": "es", "value": "Se ha descubierto un problema en la funci\u00f3n merge_strings en merge.c en la biblioteca Binary File Descriptor (BFD), tambi\u00e9n conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay una desreferencia de puntero NULL en _bfd_add_merge_section al intentar fusionar secciones con grandes alineaciones. Un ELF especialmente manipulado permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS), tal y como queda demostrado con Id."}], "id": "CVE-2018-18606", "lastModified": "2024-11-21T03:56:14.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2018-10-23T17:29:00.517", "references": [{"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105754"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190307-0003/"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23806"}, {"source": "[email protected]", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc"}, {"source": "[email protected]", "url": "https://usn.ubuntu.com/4336-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190307-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45a0eaf77022963d639d6d19871dbab7b79703fc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4336-1/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", "id": "1647415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647415"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld."], "name": "CVE-2018-18606", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils220", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-18606\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18606"], "statement": "This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this NULL pointer dereference is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with ld. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.", "threat_severity": "Low"}