It’s always interesting to hear from customers what concerns them. It helps us learn, it helps us be better, and sometimes it’s just downright boggling. Join me as I dive into a dissection of the super scary, critical vulnerability (as per NVD, anyways) CVSS 9.8 vulnerability in objdump: CVE-2018-12699. The customer’s security team that was so concerned because it showed up on a vulnerability scan and they needed it fixed. Did NVD get this right? Was the customer right to worry? Let’s look at the real risk.
References: