CVE-2019-1010204 - OpenCVE

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Binutils Gold Binutils
Netapp	Hci Management Node Solidfire

Configuration 1 [-]

OR	cpe:2.3:a:gnu:binutils::::::::
	cpe:2.3:a:gnu:binutils_gold::::::::

Configuration 2 [-]

OR	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*

References

Link	Resource
https://security.netapp.com/advisory/ntap-20190822-0001/	Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=23765	Issue Tracking Third Party Advisory
https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-23T13:39:02

Updated: 2019-12-10T02:06:04

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010204

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-23T14:15:13.373

Modified: 2023-11-07T03:02:17.510

Link: CVE-2019-1010204

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "gold", "vendor": "GNU binutils", "versions": [{"status": "affected", "version": "gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1)"}]}], "descriptions": [{"lang": "en", "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."}], "problemTypes": [{"descriptions": [{"description": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-10T02:06:04", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190822-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gold", "version": {"version_data": [{"version_value": "gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1)"}]}}]}, "vendor_name": "GNU binutils"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765"}, {"name": "https://security.netapp.com/advisory/ntap-20190822-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190822-0001/"}, {"name": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&utm_medium=RSS"}]}}}}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010204", "datePublished": "2019-07-23T13:39:02", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2019-12-10T02:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1BF4DF3-4D96-4488-A1F7-38A7AF5DC725", "versionEndIncluding": "2.31.1", "versionStartIncluding": "2.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A4DA53-C77B-4E9E-94E3-D7F63C44A2F6", "versionEndIncluding": "1.16", "versionStartIncluding": "1.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."}, {"lang": "es", "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) est\u00e1 afectado por: Validaci\u00f3n incorrecta de entrada, comparaci\u00f3n firmada / sin firmar, lectura fuera de l\u00edmites. El impacto es: Denegaci\u00f3n de servicio. El componente es: gold / fileread.cc: 497, elfcpp / elfcpp_file.h: 644. El vector de ataque es: Se debe abrir un archivo ELF con un campo de encabezado e_shoff no v\u00e1lido."}], "id": "CVE-2019-1010204", "lastModified": "2023-11-07T03:02:17.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T14:15:13.373", "references": [{"source": "josh@bress.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190822-0001/"}, {"source": "josh@bress.net", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765"}, {"source": "josh@bress.net", "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-681"}], "source": "nvd@nist.gov", "type": "Primary"}]}