Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Adélie Package Tree Adélie Package Tree
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 309
    • Issues 309
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Adélie Linux
  • Adélie Package TreeAdélie Package Tree
  • Issues
  • #108

Closed
Open
Created Jul 24, 2019 by Emily@emily🤖

system/binutils: CVE-2019-9072: excessive memory allocation in setup_group

Bugzilla ID 108
Alias(es) CVE-2019-9072
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2019-07-24 02:55:18 -0500
Modified 2019-07-24 19:17:49 -0500
Status RESOLVED WONTFIX
Version 1.0-BETA3
Hardware Adélie Linux / All
Importance --- / normal
URL https://nvd.nist.gov/vuln/detail/CVE-2019-9072
See also https://bts.adelielinux.org/show_bug.cgi?id=116
https://bts.adelielinux.org/show_bug.cgi?id=109

Description

From upstream [1]:

This doesn't reproduce for me, at least not on objdump built by gcc
and without the address sanitizer (which increases memory use).
Incidentally, hitting an out of memory failure in objalloc_alloc is
not a libiberty failure and so should not be reported to the gcc
project.

Also, out of memory failures triggered by user input are not that
interesting. It is perfectly reasonable for objdump to return with
"out of memory" on objects with silly sizes.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24232#c2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24237#c2

Edited Feb 02, 2022 by Zach van Rijn
Assignee
Assign to
Time tracking