CVE-2019-17451 — Integer Overflow or Wraparound in Binutils

CWE-190 — Integer Overflow or Wraparound14 documents9 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 27.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedOct 10

Latest updateMay 24

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debiangnu/binutils< 2.34-1+3

▶NVDgnu/binutils2.32

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 18.04

🔴Vulnerability Details

GHSA

GHSA-f35q-5cxw-mfww: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-24

▶

OSV

CVE-2019-17451: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-10-10

▶

CVEList

CVE-2019-17451: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-10-10

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Ubuntu

GNU binutils vulnerabilities↗2020-04-22

▶

Microsoft

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dw↗2019-10-08

▶

Red Hat

binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c↗2019-10-07

▶

Debian

CVE-2019-17451: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...↗2019

▶

💬Community

Bugzilla

CVE-2019-17451 mingw-binutils: binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c [fedora-all]↗2019-11-12

▶

Bugzilla

CVE-2019-17451 mingw-binutils: binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c [epel-6]↗2019-11-12

▶

Bugzilla

CVE-2019-17451 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c↗2019-11-12

▶

Bugzilla

CVE-2019-17451 mingw-binutils: binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c [epel-7]↗2019-11-12

▶

Bugzilla

CVE-2019-17451 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c [fedora-all]↗2019-11-12

▶