VDB

GCVE-110-MAGEIA-2020-112

GCVE-110-MAGEIA-2020-112
Advisory Published
Vulnetix · Advisory published March 6, 2020
This update provides the binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap- based buffer overflow (CVE-2019-14250). find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file )CVE-2019-17450). An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm (CVE-2019-17451). GNU binutils gold linker is affected by Improper Input Validation, Signed/ Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The attack vector is: An ELF file with an invalid e_shoff header field must be opened (CVE-2019-1010204). For more information about the other changes and additional features of binutils / gas / ld in this update, see the referenced sourceware.org NEWS links.

Affected Products

VendorProductVersionsPlatforms
Mageiabtrfs-progs0 (affected), 5.6-1.mga7 (unaffected)
Mageiabinutils0 (affected), 2.33.1-1.mga7 (unaffected), 0 (affected), 2.33.1-1.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›