cbcvebase.
CVE-2019-9070
published 2019-02-24

CVE-2019-9070: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after…

high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

Affected

12 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
debianbinutils< binutils 2.32.51.20190707-1 (bookworm)binutils 2.32.51.20190707-1 (bookworm)
f5traffix_signaling_delivery_controller5.0.0 – 5.1.0
gnubinutils
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccm1_binutils_2.32-3_on_cbl_mariner_1.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH