PT-2019-6366 · Gnu+3 · Gnu Binutils+3
Spinpx
·
Publicado
2019-02-18
·
Atualizado
2023-08-16
·
CVE-2019-9070
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.32
Description
The issue is a heap-based buffer over-read in the
d expression 1 function in cp-demangle.c after many recursive calls. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.Recommendations
For GNU Binutils version 2.32, consider disabling the
d expression 1 function in cp-demangle.c as a temporary workaround until a patch is available. Restrict access to the cp-demangle.c component to minimize the risk of exploitation. Avoid using the d expression 1 function in recursive calls until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Gnu Binutils
Ubuntu