CVE-2019-9073 — Allocation of Resources Without Limits or Throttling in Binutils

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-400 — Uncontrolled Resource Consumption11 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 49.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils Canonical Ubuntu Linux

Timeline

PublishedFeb 24

Latest updateMay 13

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/binutils< 2.32.51.20190707-1+3

▶NVDgnu/binutils2.32

Also affects: Ubuntu Linux 18.04

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-p22v-gx7q-2q9r: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-13

▶

CVEList

CVE-2019-9073: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-02-24

▶

OSV

CVE-2019-9073: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-02-24

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Ubuntu

GNU binutils vulnerabilities↗2020-04-22

▶

Red Hat

binutils: excessive memory allocation in function _bfd_elf_slurp_version_tables in elf.c↗2019-02-19

▶

Microsoft

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in↗2019-02-12

▶

Debian

CVE-2019-9073: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...↗2019

▶

💬Community

Bugzilla

CVE-2019-9073 binutils: excessive memory allocation in function _bfd_elf_slurp_version_tables in elf.c↗2019-02-25

▶

Bugzilla

CVE-2019-9073 binutils: excessive memory allocation in function _bfd_elf_slurp_version_tables in elf.c [fedora-all]↗2019-02-25

▶