Lucene search

Veracode Vulnerability DatabaseVERACODE:20088

HistoryMay 16, 2019 - 3:54 a.m.

Denial Of Service (DoS)

2019-05-1603:54:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.009 Low

EPSS

Percentile

82.9%

JSON

Binary File Descriptor (BFD) library distributed in GNU Binutils is vulnerable to denial of service(DoS) attacks. This exists in the bfd_section_from_shdr function in elf.c which allows remote attackers to cause a application crash (segmentation fault) via a large attribute section.

CPENameOperatorVersion
binutilseq2.27__28.base.el7_5.1
binutilseq2.27__27.base.el7
binutils:bioniceq2.30-15ubuntu1

Name	Operator	Version
binutils	eq	2.27__28.base.el7_5.1
binutils	eq	2.27__27.base.el7
binutils:bionic	eq	2.30-15ubuntu1

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

access.redhat.com/errata/RHBA-2019:0327

access.redhat.com/errata/RHSA-2018:3032

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/show_bug.cgi?id=1439351

bugzilla.redhat.com/show_bug.cgi?id=1553842

bugzilla.redhat.com/show_bug.cgi?id=1557346

bugzilla.redhat.com/show_bug.cgi?id=1573872

security.gentoo.org/glsa/201811-17

sourceware.org/bugzilla/show_bug.cgi?id=22809

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for VERACODE:20088