CVE-2019-9073

Published: Feb 24, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

Affected (4)

Products: Gnu: Binutils · Netapp: Hci Management Node, Solidfire · Canonical: Ubuntu Linux

1 product

2 products

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Binutils	Version 2.32

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (10)

https://security.gentoo.org/glsa/202107-24

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190314-0003/

Source: cve@mitre.org

PatchThird Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=24233

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://support.f5.com/csp/article/K37121474

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4336-1/

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/202107-24