Veracode Vulnerability DatabaseVERACODE:20084Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Binutils is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library. A remote attacker could cause an application crash via an ELF file with corrupt dwarf1 debug information impacting availability of the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| binutils | eq | 2.27__28.base.el7_5.1 | |
| binutils | eq | 2.27__27.base.el7 |
References
lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHBA-2019:0327
access.redhat.com/errata/RHSA-2018:3032
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1439351
bugzilla.redhat.com/show_bug.cgi?id=1553842
bugzilla.redhat.com/show_bug.cgi?id=1557346
bugzilla.redhat.com/show_bug.cgi?id=1573872
security.gentoo.org/glsa/201811-17
sourceware.org/bugzilla/show_bug.cgi?id=22894
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P