CVE-2019-1010204

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Published : 2019-07-23 14:15 Updated : 2019-08-22 07:15

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Gnu Binutils 2.21.1 cpe:/a:gnu:binutils:2.21.1
Gnu Binutils 2.21.1a cpe:/a:gnu:binutils:2.21.1a
Gnu Binutils 2.22 cpe:/a:gnu:binutils:2.22
Gnu Binutils 2.23 cpe:/a:gnu:binutils:2.23
Gnu Binutils 2.23.1 cpe:/a:gnu:binutils:2.23.1
Gnu Binutils 2.23.2 cpe:/a:gnu:binutils:2.23.2
Gnu Binutils 2.24 cpe:/a:gnu:binutils:2.24
Gnu Binutils 2.25 cpe:/a:gnu:binutils:2.25
Gnu Binutils 2.25.1 cpe:/a:gnu:binutils:2.25.1
Gnu Binutils 2.26 cpe:/a:gnu:binutils:2.26
Gnu Binutils 2.26.1 cpe:/a:gnu:binutils:2.26.1
Gnu Binutils 2.27 cpe:/a:gnu:binutils:2.27
Gnu Binutils 2.28 cpe:/a:gnu:binutils:2.28
Gnu Binutils 2.28.1 cpe:/a:gnu:binutils:2.28.1
Gnu Binutils 2.29 cpe:/a:gnu:binutils:2.29
Gnu Binutils 2.29.1 cpe:/a:gnu:binutils:2.29.1
Gnu Binutils 2.30 cpe:/a:gnu:binutils:2.30
Gnu Binutils 2.31 cpe:/a:gnu:binutils:2.31
Gnu Binutils 2.31.1 cpe:/a:gnu:binutils:2.31.1
  1. Gnu (1) Search CVE
    1. Binutils (19) Search CVE
      1. 2.21.1
      2. 2.21.1a
      3. 2.22
      4. 2.23
      5. 2.23.1
      6. 2.23.2
      7. 2.24
      8. 2.25
      9. 2.25.1
      10. 2.26
      11. 2.26.1
      12. 2.27
      13. 2.28
      14. 2.28.1
      15. 2.29
      16. 2.29.1
      17. 2.30
      18. 2.31
      19. 2.31.1

CWE

ID Name Description Links
CWE-125 Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. CVE
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-08-22 07:15
2019-07-25 19:49
2019-07-23 15:31

New CVE