CVE-2019-9072: Allocation of Resources Without Limits or Throttling in Binutils

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 64.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 24
Latest update: May 13

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (1 package)

NVD: gnu/binutils 2.32


Vulnerability Details (3)

GHSA (2022-05-13)
GHSA-f96p-jhrp-872g: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2...
OSV (2019-02-24)
CVE-2019-9072: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2...
CVEList (2019-02-24)
CVE-2019-9072: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2...

Vendor Advisories (2)

Red Hat (2019-02-19)
binutils: excessive memory allocation in function setup_group in elf.c
Microsoft (2019-02-12)
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

Community (2)

Bugzilla (2019-02-25)
CVE-2019-9072 binutils: excessive memory allocation in function setup_group in elf.c
Bugzilla (2019-02-25)
CVE-2019-9072 binutils: excessive memory allocation in function setup_group in elf.c [fedora-all]