Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-1010204

Опубликовано: 24 июл. 2019
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Отчет

This issue affects the binutils package version as shipped with Red Hat Enterprise Linux 7 and 8. The security impact was classified as 'Low' by the Red Hat Product Security Team. Red Hat Enterprise Linux 5 and 6 are not affected as ld.gold is not shipped with any of these version. This flaw also affects the binutils versions shipped with Red Hat Developer Toolset 7 and 8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5binutilsNot affected
Red Hat Enterprise Linux 6binutilsNot affected
Red Hat Enterprise Linux 7binutilsFix deferred
Red Hat Enterprise Linux 8binutilsFixedRHSA-2020:179728.04.2020
Red Hat Enterprise Linux 8binutilsFixedRHSA-2020:179728.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1735604binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

EPSS

Процентиль: 30%
0.00109
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-1010204

CVSS3: 5.5
ubuntu
около 6 лет назад

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

nvd логотип

CVE-2019-1010204

CVSS3: 5.5
nvd
около 6 лет назад

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

debian логотип

CVE-2019-1010204

CVSS3: 5.5
debian
около 6 лет назад

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...

github логотип

GHSA-r3p5-p24x-hqxq

CVSS3: 5.5
github
больше 3 лет назад

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

fstec логотип

BDU:2024-06973

CVSS3: 5.5
fstec
почти 7 лет назад

Уязвимость компонента gold/fileread.cc программного средства разработки GNU Binutils, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 30%
0.00109
Низкий

4.7 Medium

CVSS3