system/binutils: CVE-2019-14444: readelf integer overflow
| Bugzilla ID | 174 |
| Alias(es) | CVE-2019-14444 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-05 13:42:40 -0500 |
| Modified | 2019-09-30 15:01:56 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-14444 |
Description
apply_relocations in readelf.c in GNU Binutils 2.32 contains an
integer overflow that allows attackers to trigger a write access
violation (in byte_put_little_endian function in elfcomm.c) via an ELF
file, as demonstrated by readelf.