Unrated severity · OSV Advisory · Published Jan 4, 2019 · Updated Aug 5, 2024

CVE-2018-20671

Description

An integer overflow in load_specific_debug_section in GNU Binutils up to 2.31.1 leads to heap-based buffer overflow via crafted section size.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

load_specific_debug_section in objdump.c of GNU Binutils through version 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow [1]. The bug occurs when processing a crafted section size from a malformed object file; the integer overflow leads to an undersized heap allocation, followed by a write past the allocated buffer.
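The bug class described above, shown as an added illustration that is not Binutils source code: a file-supplied section size feeds an allocation length, first with unchecked arithmetic and then with the bounds checks that reject it. The `sec_hdr` struct, the function names and the sample bytes are all hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disk section header; both fields come straight from the file. */
struct sec_hdr { uint64_t offset; uint64_t size; };

/* Unchecked pattern: bytes requested for "size + 1" (room for a trailing NUL).
   The arithmetic wraps to 0 when size is SIZE_MAX, so the buffer is undersized. */
size_t alloc_len_unchecked(uint64_t size) {
    return (size_t)size + 1;
}

/* Checked pattern: 0 on success with *out set, -1 if the header is rejected. */
int alloc_len_checked(const struct sec_hdr *h, uint64_t file_len, size_t *out) {
    if (h->offset > file_len || h->size > file_len - h->offset)
        return -1;                      /* section must lie inside the file */
    if (h->size >= SIZE_MAX)
        return -1;                      /* size + 1 must fit in size_t */
    *out = (size_t)h->size + 1;
    return 0;
}

/* Copy a section into a fresh NUL-terminated buffer; NULL if rejected. */
unsigned char *load_section(const unsigned char *file, uint64_t file_len,
                            const struct sec_hdr *h) {
    size_t n;
    if (alloc_len_checked(h, file_len, &n) != 0)
        return NULL;
    unsigned char *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memcpy(buf, file + h->offset, n - 1);
    buf[n - 1] = '\0';
    return buf;
}

int main(void) {
    const unsigned char file[] = "HDR.debugdata";   /* constructed sample input */
    struct sec_hdr good = { 3, 6 }, bad = { 3, SIZE_MAX };
    unsigned char *s = load_section(file, sizeof file - 1, &good);
    printf("good: %s\n", s ? (char *)s : "(rejected)");
    printf("bad:  %s\n", load_section(file, sizeof file - 1, &bad) ? "loaded" : "(rejected)");
    free(s);
    return 0;
}
```

Validating the size against the actual file length catches implausible values before any arithmetic is done on them; the separate `SIZE_MAX` check covers the `+ 1` itself.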

Exploitation

An attacker must craft a malicious object file containing a specially crafted section size value that causes an integer overflow. The target user must then open or process this file with a tool that invokes objdump (or another affected utility) on the file. No special privileges are needed; the attack is triggered by file processing.

Impact

Successful exploitation can cause a denial of service (crash) or possibly arbitrary code execution with the privileges of the user running the tool [1]. The impact is confined to the memory space of the process running the affected utility.

Mitigation

Ubuntu 18.04 LTS addressed this vulnerability in package version 2.30-21ubuntu1~18.04.3, as part of USN-4336-1 [1]. Users of other distributions should update to a fixed version of GNU Binutils (2.32 or later) if available. No workaround is possible other than not processing untrusted files.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

56

Patches

0

No patches discovered yet.

References

5
