ALPINE-CVE-2018-20002 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2018-20002 PUBLISHED CVSS 5.5 MEDIUM

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.21	binutils	2.31.1-r2, 2.31.1-r1, 2.31.1-r0
Alpine:v3.19	binutils	2.31.1-r2, 2.20.51.0.12-r0, 2.20.51.0.4-r1
Alpine:v3.23	binutils	0, 2.20.51.0.12-r0, 2.20.51.0.4-r1
Alpine:v3.16	binutils	0, 0, 2.20.51.0.12-r0
Alpine:v3.10	binutils	0, 2.20.51.0.12-r0, 2.31.1-r2
Alpine:v3.12	binutils	0, 2.20.51.0.4-r1, 2.21-r0
Alpine:v3.14	binutils	0, 2.20.51.0.12-r0, 2.20.51.0.4-r1
Alpine:v3.22	binutils	0, 2.20.51.0.12-r0, 2.20.51.0.4-r1
Alpine:v3.20	binutils	2.31.1-r2, 2.20.51.0.12-r0, 2.20.51.0.4-r1
Alpine:v3.13	binutils	0, 0, 2.20.51.0.12-r0
Alpine:v3.17	binutils	0, 2.31.1-r2, 2.31.1-r1
Alpine:v3.15	binutils	2.31.1-r2, 2.31.1-r1, 2.31.1-r0
Alpine:v3.18	binutils	2.31.1-r2, 2.31.1-r1, 2.31.1-r0
Alpine:v3.11	binutils	2.31.1-r2, 2.31.1-r1, 2.31.1-r0

Timeline

Dec 10, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-20002 advisory

Open in Interactive Console →