PT-2019-6392 · Gnu+3 · Gnu Binutils+3

Published

2019-06-17

Updated

2024-06-15

CVE-2019-12972

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.32

Description The issue is related to a heap-based buffer over-read in the Binary File Descriptor (BFD) library, specifically in the bfd doprnt function in bfd.c. This occurs because the elf object p function in elfcode.h mishandles an e shstrndx section of type SHT GROUP by omitting a trailing 0 character. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For GNU Binutils version 2.32, consider applying a patch or updating to a newer version that fixes the heap-based buffer over-read issue in the bfd doprnt function. As a temporary workaround, restrict access to the elf object p function in elfcode.h to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-3352

ALT-PU-2020-3433

ALT-PU-2021-1230

BDU:2023-07804

CVE-2019-12972

OPENSUSE-SU-2020:1790-1

OPENSUSE-SU-2020:1804-1

OPENSUSE-SU-2020_1790-1

OPENSUSE-SU-2020_1804-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2020:3060-1

SUSE-SU-2020:3552-1

SUSE-SU-2020_3060-1

SUSE-SU-2020_3552-1

SUSE-SU-2021:3593-1

SUSE-SU-2021_3593-1

USN-4336-1

USN-4336-2

Affected Products

Alt Linux

Gnu Binutils

Suse

Ubuntu

PT-2019-6392 · Gnu+3 · Gnu Binutils+3

CVE-2019-12972

Weakness Enumeration

Related Identifiers

Affected Products

References · 683