Vulnerability CVE-2019-17450


Published: 2019-10-10

Description:
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Type:

CWE-674

(Uncontrolled Recursion)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
GNU -> Binutils 

 References:
https://sourceware.org/bugzilla/show_bug.cgi?id=25078

Copyright 2020, cxsecurity.com

 

Back to Top