1. CVE-Search
  2. CVE-2019-9075
ID CVE-2019-9075
Summary An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_policy_webaccelerator:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_policy_webaccelerator:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 10-12-2021 - 20:19)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm
misc https://sourceware.org/bugzilla/show_bug.cgi?id=24236
suse
  • openSUSE-SU-2020:1790
  • openSUSE-SU-2020:1804
ubuntu USN-4336-1
Last major update 10-12-2021 - 20:19
Published 24-02-2019 - 00:29
Last modified 10-12-2021 - 20:19
Back to Top