CVE-2019-9076

Published: Feb 24, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

Affected (2)

Products: Gnu: Binutils · Netapp: Element Software Management

Gnu

1 product

Binutils

Netapp

1 product

Element Software Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Binutils	Version 2.32

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Element Software Management	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (8)

https://security.gentoo.org/glsa/202107-24

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190314-0003/

Source: cve@mitre.org

PatchThird Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=24238

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://support.f5.com/csp/article/K44650639

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/202107-24

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190314-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=24238

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://support.f5.com/csp/article/K44650639

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.