VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-y1z3-kttd-aaaq

Essentials
Severities (97)
References (16)
Severity details (5)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-y1z3-kttd-aaaq
Aliases	CVE-2019-1010204
Summary	GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-125	Out-of-bounds Read
CWE-681	Incorrect Conversion between Numeric Types
CWE-20	Improper Input Validation

System	Score	Found at
rhas	Low	https://access.redhat.com/errata/RHSA-2020:1797
cvssv3	4.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010204.json
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
epss	0.0017	https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=1735604
cvssv3	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2019-1010204
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2019-1010204
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2019-1010204

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010204.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-1010204
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20190822-0001/
		https://sourceware.org/bugzilla/show_bug.cgi?id=23765
		https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS
		https://support.f5.com/csp/article/K05032915?utm_source=f5support&utm_medium=RSS
1735604		https://bugzilla.redhat.com/show_bug.cgi?id=1735604
cpe:2.3:a:gnu:binutils::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils::::::::
cpe:2.3:a:gnu:binutils_gold::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils_gold::::::::
cpe:2.3:a:netapp:hci_management_node:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:solidfire:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
CVE-2019-1010204		https://nvd.nist.gov/vuln/detail/CVE-2019-1010204
RHSA-2020:1797		https://access.redhat.com/errata/RHSA-2020:1797
USN-5349-1		https://usn.ubuntu.com/5349-1/

No exploits are available.

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010204.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-1010204

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-1010204

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-1010204

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.2456
EPSS Score	0.00098
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.