CVE-2019-9075: Buffer Overflow
First published: Sun Feb 24 2019(Updated: )
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | =2.32 | |
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Canonical Ubuntu Linux | =18.04 | |
| F5 BIG-IP Access Policy Manager | =14.1.0 | |
| F5 BIG-IP Access Policy Manager | =15.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | =14.1.0 | |
| F5 BIG-IP Advanced Firewall Manager | =15.0.0 | |
| F5 BIG-IP Analytics | =14.1.0 | |
| F5 BIG-IP Analytics | =15.0.0 | |
| F5 Big-ip Application Acceleration Manager | =14.1.0 | |
| F5 Big-ip Application Acceleration Manager | =15.0.0 | |
| F5 BIG-IP Application Security Manager | =14.1.0 | |
| F5 BIG-IP Application Security Manager | =15.0.0 | |
| F5 Big-ip Domain Name System | =14.1.0 | |
| F5 Big-ip Domain Name System | =15.0.0 | |
| F5 Big-ip Edge Gateway | =14.1.0 | |
| F5 Big-ip Edge Gateway | =15.0.0 | |
| F5 Big-ip Fraud Protection Service | =14.1.0 | |
| F5 Big-ip Fraud Protection Service | =15.0.0 | |
| F5 Big-ip Global Traffic Manager | =14.1.0 | |
| F5 Big-ip Global Traffic Manager | =15.0.0 | |
| F5 Big-ip Link Controller | =14.1.0 | |
| F5 Big-ip Link Controller | =15.0.0 | |
| F5 Big-ip Local Traffic Manager | =14.1.0 | |
| F5 Big-ip Local Traffic Manager | =15.0.0 | |
| F5 Big-ip Policy Enforcement Manager | =14.1.0 | |
| F5 Big-ip Policy Enforcement Manager | =15.0.0 | |
| F5 Big-ip Policy Webaccelerator | =14.1.0 | |
| F5 Big-ip Webaccelerator | =15.0.0 | |
| debian/binutils | 2.35.2-2 2.40-2 2.43.1-3 2.43.1-5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html
- https://security.gentoo.org/glsa/202107-24
- https://security.netapp.com/advisory/ntap-20190314-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=24236
- https://support.f5.com/csp/article/K42059040
- https://usn.ubuntu.com/4336-1/
- https://launchpad.net/bugs/cve/CVE-2019-9075
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8abac8031ed369a2734b1cdb7df28a39a54b4b49
- https://security-tracker.debian.org/tracker/CVE-2019-9075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075
- https://nvd.nist.gov/vuln/detail/CVE-2019-9075
- https://ubuntu.com/security/CVE-2019-9075
Frequently Asked Questions
What is the severity of CVE-2019-9075?
The severity of CVE-2019-9075 is high.
What is the affected software for CVE-2019-9075?
The affected software for CVE-2019-9075 is GNU Binutils version 2.32.
How can I fix CVE-2019-9075?
To fix CVE-2019-9075, update to version 2.35.2-2, 2.40-2, or 2.41-5 of the binutils package.
Where can I find more information about CVE-2019-9075?
More information about CVE-2019-9075 can be found on the following sites: [link1](https://security.netapp.com/advisory/ntap-20190314-0003/), [link2](https://support.f5.com/csp/article/K42059040), [link3](https://sourceware.org/bugzilla/show_bug.cgi?id=24236).
What is the Common Weakness Enumeration (CWE) ID for CVE-2019-9075?
The Common Weakness Enumeration (CWE) ID for CVE-2019-9075 is 119.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/gnu
- canonical/gnu binutils
- version/gnu binutils/2.32
- vendor/netapp
- canonical/netapp hci management node
- canonical/netapp solidfire
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/14.1.0
- version/f5 big-ip access policy manager/15.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/14.1.0
- version/f5 big-ip advanced firewall manager/15.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/14.1.0
- version/f5 big-ip analytics/15.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/14.1.0
- version/f5 big-ip application acceleration manager/15.0.0
- canonical/f5 big-ip application security manager
- version/f5 big-ip application security manager/14.1.0
- version/f5 big-ip application security manager/15.0.0
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/14.1.0
- version/f5 big-ip domain name system/15.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/14.1.0
- version/f5 big-ip edge gateway/15.0.0
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/14.1.0
- version/f5 big-ip fraud protection service/15.0.0
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/14.1.0
- version/f5 big-ip global traffic manager/15.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/14.1.0
- version/f5 big-ip link controller/15.0.0
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/14.1.0
- version/f5 big-ip local traffic manager/15.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/14.1.0
- version/f5 big-ip policy enforcement manager/15.0.0
- canonical/f5 big-ip policy webaccelerator
- version/f5 big-ip policy webaccelerator/14.1.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/15.0.0
- package-manager/debian