PT-2019-6397 · Gnu+5 · Gnu Binutils+5

Zjuchenyuan · Published 2019-10-07 · Updated 2024-06-15 · CVE-2019-17451

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.32

Description

The issue is an integer overflow in the Binary File Descriptor (BFD) library, specifically in the _bfd_dwarf2_find_nearest_line function in dwarf2.c, which can lead to a segmentation fault (SEGV). The vulnerability is also described as affecting the _bfd_dwarf2_slurp_debug_info function. A remote attacker can exploit the integer overflow to cause a denial of service.

Recommendations

For GNU Binutils version 2.32, consider updating to a newer version that addresses the integer overflow issue in the BFD library. As a temporary workaround, consider restricting access to the dwarf2.c component or to the _bfd_dwarf2_find_nearest_line and _bfd_dwarf2_slurp_debug_info functions to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2020-3352
ALT-PU-2020-3433
ALT-PU-2021-1230
BDU:2023-07809
CESA-2020_1797
CVE-2019-17451
MGASA-2020-0112
OPENSUSE-SU-2020:1790-1
OPENSUSE-SU-2020:1804-1
OPENSUSE-SU-2020_1790-1
OPENSUSE-SU-2020_1804-1
OPENSUSE-SU-2024:10651-1
RHSA-2020:1797
RHSA-2020_1797
SUSE-SU-2020:3060-1
SUSE-SU-2020:3552-1
SUSE-SU-2021:3593-1
USN-4336-1
USN-4336-2

Affected Products

Alt Linux
Centos
Gnu Binutils
Red Hat
Suse
Ubuntu