CVE-2019-14250MEDIUM
Description
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html
http://www.securityfocus.com/bid/109354
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html
https://security.gentoo.org/glsa/202007-39
https://security.netapp.com/advisory/ntap-20190822-0002/
Details
Source: MITRE
Published: 2019-07-24
Updated: 2020-11-02
Type: CWE-787
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 143785 | SUSE SLES15 Security Update : binutils (SUSE-SU-2020:3552-1) | Nessus | SuSE Local Security Checks | medium |
| 143614 | SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2020:3060-1) | Nessus | SuSE Local Security Checks | medium |
| 142255 | EulerOS 2.0 SP2 : binutils (EulerOS-SA-2020-2330) | Nessus | Huawei Local Security Checks | medium |
| 142149 | openSUSE Security Update : binutils (openSUSE-2020-1804) | Nessus | SuSE Local Security Checks | medium |
| 140839 | EulerOS 2.0 SP3 : binutils (EulerOS-SA-2020-2072) | Nessus | Huawei Local Security Checks | medium |
| 138962 | GLSA-202007-39 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 136959 | openSUSE Security Update : gcc9 (openSUSE-2020-716) | Nessus | SuSE Local Security Checks | medium |
| 136251 | EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2020-1548) | Nessus | Huawei Local Security Checks | medium |
| 135966 | Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1) | Nessus | Ubuntu Local Security Checks | high |
| 135628 | EulerOS Virtualization 3.0.2.2 : binutils (EulerOS-SA-2020-1466) | Nessus | Huawei Local Security Checks | high |
| 135398 | Ubuntu 16.04 LTS / 18.04 LTS : libiberty vulnerabilities (USN-4326-1) | Nessus | Ubuntu Local Security Checks | medium |
| 135150 | EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2020-1363) | Nessus | Huawei Local Security Checks | medium |
| 133976 | EulerOS 2.0 SP8 : binutils (EulerOS-SA-2020-1142) | Nessus | Huawei Local Security Checks | medium |
| 133895 | EulerOS 2.0 SP5 : binutils (EulerOS-SA-2020-1094) | Nessus | Huawei Local Security Checks | medium |
| 133791 | SUSE SLES12 Security Update : gcc9 (SUSE-SU-2020:0394-1) | Nessus | SuSE Local Security Checks | medium |
| 131311 | SUSE SLED15 / SLES15 Security Update : gcc9 (SUSE-SU-2019:3061-1) | Nessus | SuSE Local Security Checks | medium |
| 130160 | openSUSE Security Update : gcc7 (openSUSE-2019-2365) | Nessus | SuSE Local Security Checks | medium |
| 130159 | openSUSE Security Update : gcc7 (openSUSE-2019-2364) | Nessus | SuSE Local Security Checks | medium |
| 130002 | SUSE SLED15 / SLES15 Security Update : gcc7 (SUSE-SU-2019:2702-1) | Nessus | SuSE Local Security Checks | medium |
| 128734 | Photon OS 2.0: Binutils PHSA-2019-2.0-0173 | Nessus | PhotonOS Local Security Checks | medium |
| 128729 | Photon OS 3.0: Binutils PHSA-2019-3.0-0026 | Nessus | PhotonOS Local Security Checks | medium |