CVE-2019-1010204

Published: 23 July 2019

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
binutils Launchpad, Ubuntu, Debian	Upstream	Needs triage

	Ubuntu 20.10 (Groovy Gorilla)	Deferred
	Ubuntu 20.04 LTS (Focal Fossa)	Deferred
	Ubuntu 18.04 LTS (Bionic Beaver)	Deferred
	Ubuntu 16.04 LTS (Xenial Xerus)	Deferred
	Ubuntu 14.04 ESM (Trusty Tahr)	Deferred
	Ubuntu 12.04 ESM (Precise Pangolin)	Deferred
	Patches: Other: https://sourceware.org/legacy-ml/binutils/2019-08/msg00022.html

Notes

Author	Note
mdeslaur	as of 2020-10-19, proposed patch not committed

References

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=23765

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM