Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.2.2020.2330
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-2330)
Summary:The remote host is missing an update for the Huawei EulerOS; 'binutils' package(s) announced via the EulerOS-SA-2020-2330 advisory.
Description:Summary:
The remote host is missing an update for the Huawei EulerOS
'binutils' package(s) announced via the EulerOS-SA-2020-2330 advisory.

Vulnerability Insight:
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.(CVE-2019-9070)

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.(CVE-2019-9071)

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.(CVE-2019-14250)

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.(CVE-2019-9073)

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.(CVE-2019-14444)

Affected Software/OS:
'binutils' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9070
BugTraq ID: 107147
http://www.securityfocus.com/bid/107147
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
https://sourceware.org/bugzilla/show_bug.cgi?id=24229
https://usn.ubuntu.com/4326-1/
https://usn.ubuntu.com/4336-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9071
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394
https://sourceware.org/bugzilla/show_bug.cgi?id=24227
Common Vulnerability Exposure (CVE) ID: CVE-2019-9073
https://sourceware.org/bugzilla/show_bug.cgi?id=24233
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.