PT-2019-6392 · Gnu+3 · Gnu Binutils+3

Publicado

2019-06-17

Atualizado

2024-06-15

CVE-2019-12972

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.32

Description The issue is related to a heap-based buffer over-read in the Binary File Descriptor (BFD) library, specifically in the bfd doprnt function in bfd.c. This occurs because the elf object p function in elfcode.h mishandles an e shstrndx section of type SHT GROUP by omitting a trailing 0 character. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For GNU Binutils version 2.32, consider applying a patch or updating to a newer version that fixes the heap-based buffer over-read issue in the bfd doprnt function. As a temporary workaround, restrict access to the elf object p function in elfcode.h to minimize the risk of exploitation.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2020-3352

ALT-PU-2020-3433

ALT-PU-2021-1230

BDU:2023-07804

CVE-2019-12972

OPENSUSE-SU-2020:1790-1

OPENSUSE-SU-2020:1804-1

OPENSUSE-SU-2020_1790-1

OPENSUSE-SU-2020_1804-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2020:3060-1

SUSE-SU-2020:3552-1

SUSE-SU-2020_3060-1

SUSE-SU-2020_3552-1

SUSE-SU-2021:3593-1

SUSE-SU-2021_3593-1

USN-4336-1

USN-4336-2

Produtos afetados

Alt Linux

Gnu Binutils

Suse

Ubuntu

PT-2019-6392 · Gnu+3 · Gnu Binutils+3

CVE-2019-12972

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 683