CVE-2018-7569
Description
An integer underflow/overflow in BFD's DWARF handling in GNU Binutils 2.30 allows a denial of service via a crafted ELF file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer underflow/overflow in BFD's DWARF handling in GNU Binutils 2.30 allows a denial of service via a crafted ELF file.
Vulnerability
In GNU Binutils 2.30, the dwarf2.c file in the Binary File Descriptor (BFD) library (libbfd) contains an integer underflow or overflow vulnerability when processing a corrupt DWARF FORM block in an ELF file. This can be triggered by providing a specially crafted ELF binary to utilities such as nm. [1][2][3]
Exploitation
An attacker can exploit this vulnerability by convincing a user to examine a malicious ELF file with any BFD-based tool (e.g., nm). No special privileges are required beyond local file access; the attack is remote in the sense that the malicious file can be downloaded from the internet or received by other means. [3]
Impact
Successful exploitation causes an application crash due to the integer underflow or overflow, leading to a denial of service. The vulnerability does not allow code execution or privilege escalation based on available information. [1][3]
Mitigation
Red Hat Enterprise Linux advisory RHSA-2018:3032 provides updated binutils packages that fix the vulnerability. [1] Gentoo users should upgrade to >=sys-devel/binutils-2.30-r2. [3] The advisory RHBA-2019:0327 for OpenShift Container Platform indirectly includes the fix in a broader image update. [2] No workaround is known; users must apply the updated package. [3]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
44- osv-coords43 versionspkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.32-lp150.10.1+ 42 more
- (no CPE)range: < 2.32-lp150.10.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.37-1.3
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-6.3.1
- (no CPE)range: < 2.32-7.5.1
- (no CPE)range: < 2.31-6.3.1
- (no CPE)range: < 2.32-7.5.1
- (no CPE)range: < 2.32-6.8.1
- (no CPE)range: < 2.32-7.5.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6- lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHBA-2019:0327mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:3032mitrevendor-advisoryx_refsource_REDHAT
- security.gentoo.org/glsa/201811-17mitrevendor-advisoryx_refsource_GENTOO
- sourceware.org/bugzilla/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.