PT-2019-1519 · Gnu+4 · Gnu Binutils+4

Spinpx

·

Published

2019-02-19

·

Updated

2024-06-15

·

CVE-2019-9075

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.32
Description The issue is a heap-based buffer overflow in the bfd archive 64 bit slurp armap function, located in archive64.c, which is part of the Binary File Descriptor (BFD) library. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For GNU Binutils version 2.32, consider disabling the bfd archive 64 bit slurp armap function as a temporary workaround until a patch is available. Restrict access to the archive64.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2020-3352
ALT-PU-2020-3433
ALT-PU-2021-1230
BDU:2019-00981
CVE-2019-9075
MGASA-2019-0169
OPENSUSE-SU-2020:1790-1
OPENSUSE-SU-2020:1804-1
OPENSUSE-SU-2020_1790-1
OPENSUSE-SU-2020_1804-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2020:3060-1
SUSE-SU-2020:3552-1
SUSE-SU-2021:3593-1
USN-4336-1
USN-4336-2

Affected Products

Alt Linux
Astra Linux
Gnu Binutils
Suse
Ubuntu