漏洞信息详情
GNU Binutils 缓冲区错误漏洞
- CNNVD编号:CNNVD-201902-848
- 危害等级: 中危
- CVE编号: CVE-2019-9074
- 漏洞类型: 缓冲区错误
- 发布时间: 2019-02-23
- 威胁类型: 本地
- 更新时间: 2021-12-13
- 厂 商:
- 漏洞来源: spinpx
漏洞简介
GNU Binutils(GNU Binary Utilities或binutils)是GNU计划的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件,并提供有连接器、汇编器和其他用于目标文件和档案的工具。Binary File Descriptor library是其中的一个用于处理不同格式的目标文件可移植性的库。
GNU Binutils 2.32版本中的Binary File Descriptor library的libbfd.c文件的‘bfd_getl32’函数存在越界读取漏洞。攻击者可利用该漏洞造成段错误。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:
https://www.gnu.org/
参考网址
来源:CONFIRM
链接:https://support.f5.com/csp/article/K09092524
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.HTML
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20190314-0003/
来源:GENTOO
链接:https://security.gentoo.org/glsa/202107-24
来源:UBUNTU
链接:https://usn.ubuntu.com/4336-1/
来源:MISC
链接:https://sourceware.org/bugzilla/show_bug.cgi?id=24235
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.HTML
来源:support.f5.com
链接:https://support.f5.com/csp/article/K42059040
来源:support.f5.com
链接:https://support.f5.com/csp/article/K09092524
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1400/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3723/
来源:www.securityfocus.com
链接:http://www.securityfocus.com/bid/107412
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-9074
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/binutils-NULL-pointer-dereference-via-bfd-getl32-29404
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4225/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-platform-software-clients/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2483
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3660
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1860/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1143448
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163455/Gentoo-Linux-Security-Advisory-202107-24.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-performance-server/
受影响实体
暂无
补丁
- GNU Binutils 缓冲区错误漏洞的修复措施
评论