CVE-2018-12699
Description
finish_stab in stabs.c of GNU Binutils 2.30 has an 8-byte heap buffer overflow leading to denial of service or possibly code execution when objdump processes a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the finish_stab function within stabs.c of GNU Binutils version 2.30 [2]. A heap-based buffer overflow occurs when processing stabs debugging information while using objdump. The overflow allows an out-of-bounds write of 8 bytes. This bug is reachable when objdump is invoked with options such as --dwarf-check, -C, -g, -f, -dwarf, or -x on a specially crafted binary file [2].
Exploitation
An attacker must supply a specially crafted binary file that, when processed by objdump with the relevant flags, triggers the heap buffer overflow. No prior authentication or special network position is needed; user interaction is required to open the malicious file. The exploit sequence involves the corrupted stabs data causing finish_stab to write beyond the allocated heap buffer [2].
Impact
A successful write of 8 bytes out-of-bounds can cause a crash (denial of service) or potentially allow arbitrary code execution, depending on heap layout and mitigations [1][2]. The attacker's code could execute in the context of the objdump process with the user's privileges.
Mitigation
The fix is included in binutils version 2.30-21ubuntu1~18.04.3 for Ubuntu 18.04 LTS [1]. Gentoo users should upgrade to sys-devel/binutils-2.32-r1 or later [3]. No known workaround other than applying the update is available [3].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- osv-coords (2 versions): < 2.30-125.el8_10 (+ 1 more)
- (no CPE), range: < 2.30-125.el8_10
- (no CPE), range: < 2.30-125.el8_10
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds checking in `finish_stab` allows a heap-based buffer overflow of 8 bytes when processing malformed DWARF debug information."
Attack vector
An attacker crafts a malicious binary file containing a specially formed DWARF debug section. When a victim runs `objdump` with flags such as `--dwarf-check`, `-g`, or `-x` against this file, the `finish_stab` function performs an out-of-bounds write of 8 bytes on the heap [ref_id=1]. The attack requires no special privileges beyond the ability to deliver the crafted file to the victim.
Affected code
The vulnerability resides in the `finish_stab` function within `stabs.c` of GNU Binutils 2.30. The bug is triggered when `objdump` processes a malformed DWARF debug information section, leading to a heap-based buffer overflow.
What the fix does
The advisory does not include a patch or detailed remediation guidance. The bug report [ref_id=1] confirms the issue in binutils 2.30 and provides ASAN reproduction steps, but no fix commit is referenced. Users are advised to monitor the binutils project for a future release that addresses the heap buffer overflow in `finish_stab`.
Preconditions
- input: Victim must run objdump with DWARF-related flags (e.g., --dwarf-check, -g, -x) against a crafted binary
- network: Attacker must deliver a malicious binary file to the victim
Reproduction
Build binutils 2.30 with AddressSanitizer as described in the bug report [ref_id=1]: `CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure && make`. Then run: `ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./objdump --dwarf-check -C -g -f -dwarf -x $crash_file` [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- security.gentoo.org/glsa/201908-01 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4336-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/104540 (mitre, vdb-entry, x_refsource_BID)
- bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 (mitre, x_refsource_MISC)
- gcc.gnu.org/bugzilla/show_bug.cgi (mitre, x_refsource_MISC)
- sourceware.org/bugzilla/show_bug.cgi (mitre, x_refsource_MISC)