CVE-2019-9076Allocation of Resources Without Limits or Throttling in Binutils

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 70.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedFeb 24
Latest updateMay 13

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDgnu/binutils2.32

Patches

Patch: security.netapp.comPatch: security.netapp.com

🔴Vulnerability Details

3
GHSA
GHSA-c2qp-fwx3-8w48: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 22022-05-13
CVEList
CVE-2019-9076: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 22019-02-24
OSV
CVE-2019-9076: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 22019-02-24

📋Vendor Advisories

2
Red Hat
binutils: excessive memory allocation in function elf_read_notes in elf.c2019-02-19
Microsoft
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.2019-02-12

💬Community

2
Bugzilla
CVE-2019-9076 binutils: excessive memory allocation in function elf_read_notes in elf.c [fedora-all]2019-02-25
Bugzilla
CVE-2019-9076 binutils: excessive memory allocation in function elf_read_notes in elf.c2019-02-25
CVE-2019-9076 — GNU Binutils vulnerability | cvebase