PT-2019-6366 · Gnu+3 · Gnu Binutils+3

Spinpx

Published

2019-02-18

Updated

2023-08-16

CVE-2019-9070

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.32

Description The issue is a heap-based buffer over-read in the d expression 1 function in cp-demangle.c after many recursive calls. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For GNU Binutils version 2.32, consider disabling the d expression 1 function in cp-demangle.c as a temporary workaround until a patch is available. Restrict access to the cp-demangle.c component to minimize the risk of exploitation. Avoid using the d expression 1 function in recursive calls until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-3352

ALT-PU-2020-3433

ALT-PU-2021-1230

BDU:2023-03819

CVE-2019-9070

USN-4326-1

USN-4336-1

USN-4336-2

Affected Products

Alt Linux

Astra Linux

Gnu Binutils

Ubuntu

PT-2019-6366 · Gnu+3 · Gnu Binutils+3

CVE-2019-9070

Weakness Enumeration

Related Identifiers

Affected Products

References · 501