CVE-2019-17450 — Uncontrolled Recursion in Binutils
Severity
6.5MEDIUMNVD
EPSS
1.1%
top 22.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 10
Latest updateMay 24
Description
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Ubuntu Linux 18.04
🔴Vulnerability Details
3📋Vendor Advisories
5Microsoft▶
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32 allows remote attackers to cause a denial of service (infinite recursion↗2019-10-08
Debian▶
CVE-2019-17450: binutils - find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (...↗2019
💬Community
5Bugzilla
▶
Bugzilla▶
CVE-2019-17450 mingw-binutils: binutils: denial of service via crafted ELF file [fedora-all]↗2019-11-12
Bugzilla
▶