CVE-2019-14250 — MEDIUM (5.5)

Vulnerability Description

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Binutils	2.32
Canonical	Ubuntu Linux	16.04
Opensuse	Leap	15.0

Related Weaknesses (CWE)

CWE-190 CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/109354Broken LinkThird Party AdvisoryVDB Entry
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924ExploitIssue TrackingThird Party Advisory
https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.htmlExploitMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202007-39Third Party Advisory
https://security.netapp.com/advisory/ntap-20190822-0002/Broken Link
https://usn.ubuntu.com/4326-1/Third Party Advisory
https://usn.ubuntu.com/4336-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2019-14250?

CVE-2019-14250 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow a...

How severe is CVE-2019-14250?

CVE-2019-14250 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14250?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils, Canonical Ubuntu Linux, Opensuse Leap.