Description
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 2.29-1ubuntu1 |
| bionic | not-affected | 2.29-1ubuntu1 |
| cosmic | not-affected | 2.29-1ubuntu1 |
| devel | not-affected | 2.29-1ubuntu1 |
| disco | not-affected | 2.29-1ubuntu1 |
| eoan | not-affected | 2.29-1ubuntu1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 2.29-1ubuntu1 |
| esm-infra/focal | not-affected | 2.29-1ubuntu1 |
| esm-infra/xenial | needed | |

CVSS2: 4.3 Medium
CVSS3: 5.5 Medium