CVE-2019-1010204
MEDIUMGNU binutils 2.21-2.31.1 and binutils_gold 1.11-1.16 - Denial of Service via Invalid ELF e_shoff Header
Title source: llmDescription
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=23765
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190822-0001/
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS
Scores
CVSS v3
5.5
EPSS
0.0112
EPSS Percentile
61.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-681
CWE-125
Status
published
Products (4)
gnu/binutils
2.21 - 2.31.1
gnu/binutils_gold
1.11 - 1.16
netapp/hci_management_node
netapp/solidfire
Published
Jul 23, 2019
Tracked Since
Feb 18, 2026