First published: Thu Oct 10 2019(Updated: )
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.32 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
Canonical Ubuntu Linux | =18.04 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-17450 is a vulnerability in the libbfd library, as distributed in GNU Binutils 2.32, that allows remote attackers to cause a denial of service.
The severity of CVE-2019-17450 is not specified in the provided information.
CVE-2019-17450 can cause a denial of service in the Binary File Descriptor (BFD) library, which is a part of Binutils.
Versions 2.30-21ubuntu1~18.04.3 and 2.26.1-1ubuntu1~16.04.8+ of Binutils on Ubuntu, and versions up to 2.31.1-16 on Debian are affected.
To fix CVE-2019-17450, update Binutils to version 2.35.2-2, 2.40-2, or 2.41-5 on Debian, or follow the remedy provided by Ubuntu for the specific affected versions.