Improper Input Validation in binutils

Do your applications use this vulnerable package? Test your applications

Overview

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

References

CONFIRM
Debian Security Tracker
MISC
Netapp Security Advisory
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-1010204
CWE: CWE-125 CWE-20
Snyk ID: SNYK-DEBIAN9-BINUTILS-455452
Disclosed: 23 Jul, 2019
Published: 25 Jul, 2019

Improper Input Validation
Affecting binutils package, versions *

Overview

References

CVSS Score

Improper Input Validation Affecting binutils package, versions *

Overview

References

Improper Input Validation
Affecting binutils package, versions *