CVE-2019-14250 — Integer Overflow or Wraparound in Binutils
Severity
5.5 MEDIUM (NVD)
EPSS
0.2%
top 59.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 24
Latest update: May 24
Description
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Ubuntu Linux 16.04, 18.04
🔴 Vulnerability Details (3)
GHSA
GHSA-cxc9-2rq6-pr6h: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2 (2022-05-24)
CVEList
CVE-2019-14250: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2 (2019-07-24)
OSV
CVE-2019-14250: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2 (2019-07-24)
📋 Vendor Advisories (6)
Red Hat
Microsoft
An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value leading to an integer overflow and (2019-07-09)
💬 Community (3)
Bugzilla
CVE-2019-14250 gcc: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow [fedora-all] (2019-08-21)
Bugzilla
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (2019-08-09)
Bugzilla
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow [fedora-all] (2019-08-09)