CVE-2019-9071

Published: Feb 24, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Affected (6)

Products: Gnu: Binutils · Netapp: Hci Management Node, Solidfire · Canonical: Ubuntu Linux

1 product

2 products

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Binutils	Version 2.32

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

CWE-674

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (16)

http://www.securityfocus.com/bid/107147

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://security.gentoo.org/glsa/202107-24

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190314-0003/

Source: cve@mitre.org

PatchThird Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=24227

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://support.f5.com/csp/article/K02884135

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4326-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4336-1/

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/107147