GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability

GNU Binutils is prone to a heap-based buffer-overflow vulnerability.

Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
GNU Binutils 2.32 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 108903
Class: Boundary Condition Error
CVE: CVE-2019-12972

Remote: Yes
Local: No
Published: Jun 26 2019 12:00AM
Updated: Jun 26 2019 12:00AM
Credit: The vendor reported this issue.
Vulnerable: GNU Binutils 2.32

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Bug 24689 - string table corruption (sourceware.org)
  
• GNU Homepage (binutils)
  
• PR24689, string table corruption (GNU)
  

Source: www.securityfocus.com