PT-2019-6397 · GNU+5 · GNU Binutils+5

Zjuchenyuan · Published 2019-10-07 · Updated 2024-06-15 · CVE-2019-17451

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.32

Description

The issue is an integer overflow in the Binary File Descriptor (BFD) library, specifically in the _bfd_dwarf2_find_nearest_line function in dwarf2.c, which can lead to a segmentation fault (SEGV). The vulnerability is also described as affecting the _bfd_dwarf2_slurp_debug_info function. A remote attacker can exploit the integer overflow to cause a denial of service.

Recommendations

For GNU Binutils version 2.32, consider updating to a newer version that addresses the integer overflow issue in the BFD library. As a temporary workaround, consider restricting access to the dwarf2.c component or to the _bfd_dwarf2_find_nearest_line and _bfd_dwarf2_slurp_debug_info functions to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3352
ALT-PU-2020-3433
ALT-PU-2021-1230
BDU:2023-07809
CESA-2020_1797
CVE-2019-17451
MGASA-2020-0112
OPENSUSE-SU-2020:1790-1
OPENSUSE-SU-2020:1804-1
OPENSUSE-SU-2020_1790-1
OPENSUSE-SU-2020_1804-1
OPENSUSE-SU-2024:10651-1
RHSA-2020:1797
RHSA-2020_1797
SUSE-SU-2020:3060-1
SUSE-SU-2020:3552-1
SUSE-SU-2021:3593-1
USN-4336-1
USN-4336-2

Affected Products

ALT Linux
CentOS
GNU Binutils
Red Hat
SUSE
Ubuntu