Allocation of Resources Without Limits or Throttling Affecting binutils package, versions <2.26.1-1ubuntu1~16.04.8+esm1
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Availability
High
Threat Intelligence
EPSS
0.19% (57th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1604-BINUTILS-561093
- published 24 Feb 2019
- disclosed 24 Feb 2019
Introduced: 24 Feb 2019
CVE-2019-9073 Open this link in a new tabHow to fix?
Upgrade Ubuntu:16.04 binutils to version 2.26.1-1ubuntu1~16.04.8+esm1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu.
See How to fix? for Ubuntu:16.04 relevant fixed versions and status.
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9073
- https://support.f5.com/csp/article/K37121474
- https://security-tracker.debian.org/tracker/CVE-2019-9073
- https://sourceware.org/bugzilla/show_bug.cgi?id=24233
- https://security.netapp.com/advisory/ntap-20190314-0003/
- https://usn.ubuntu.com/4336-1/
- https://security.gentoo.org/glsa/202107-24