GNU Binutils is prone to a heap-based buffer-overflow vulnerability.
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
GNU Binutils 2.32 is vulnerable; other versions may also be affected.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: 108903
Class: Boundary Condition Error
CVE: CVE-2019-12972
Remote: Yes
Local: No
Published: Jun 26 2019 12:00AM
Updated: Jun 26 2019 12:00AM
Credit: The vendor reported this issue.
Vulnerable: GNU Binutils 2.32
Not Vulnerable:
References:
- Bug 24689 - string table corruption (sourceware.org)
- GNU Homepage (binutils)
- PR24689, string table corruption (GNU)
from SecurityFocus Vulnerabilities https://ift.tt/2J7LliQ