CVE-2019-12972 — Out-of-bounds Read in Binutils
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 30.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 26
Latest updateMay 24
Description
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Ubuntu Linux 18.04
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8q59-68wh-w68x: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-24
OSV▶
CVE-2019-12972: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-06-26
CVEList▶
CVE-2019-12972: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-06-26
📋Vendor Advisories
5Microsoft▶
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_↗2019-06-11
Debian▶
CVE-2019-12972: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...↗2019