{"id":"CVE-2019-9070","details":"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.","modified":"2026-04-11T12:23:55.792889Z","published":"2019-02-24T00:29:00.237Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","extracted_events":[{"last_affected":"16.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"18.04"}]}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107147"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-24"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K13534168"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4326-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4336-1/"},{"type":"REPORT","url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395"},{"type":"REPORT","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=24229"},{"type":"FIX","url":"https://security.netapp.com/advisory/ntap-20190314-0003/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://sourceware.org/git/binutils-gdb.git","events":[{"introduced":"0"},{"last_affected":"a9d9a104dde6a749f40ce5c4576a0042a7d52d1f"},{"last_affected":"d7f9889c025c55492c6641fd3c3396cee7dfb7c9"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*","cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.32"},{"introduced":"5.0.0"},{"last_affected":"5.1.0"}]}}],"versions":["binutils-2_32","gdb-4_18-branchpoint","gdb-7.10-branchpoint","gdb-7.11-branchpoint","gdb-7.12-branchpoint","gdb-7.7-branchpoint","gdb-7.8-branchpoint","gdb-7.9-branchpoint","gdb-8.0-branchpoint","gdb-8.1-branchpoint","gdb-8.2-branchpoint","gdb_5_1-2001-07-29-branchpoint","gdb_5_1-2001-11-21-release","gdb_5_1_0_1-2002-01-03-branchpoint","gdb_5_1_0_1-2002-01-03-release","gdb_5_2-branchpoint","gdb_5_3-branchpoint","gdb_6_0-branchpoint","gdb_6_1-branchpoint","gdb_6_2-branchpoint","gdb_6_3-branchpoint","gdb_6_4-branchpoint","gdb_6_5-branchpoint","gdb_6_6-branchpoint","gdb_6_7-branchpoint","gdb_6_8-branchpoint","gdb_7_0-branchpoint","gdb_7_1-branchpoint","gdb_7_2-branchpoint","gdb_7_3-branchpoint","gdb_7_4-branchpoint","gdb_7_5-branchpoint","gdb_7_6-branchpoint","gdb_s390-2001-09-26-branchpoint","users/ARM/embedded-binutils-master-2016q4","users/ARM/embedded-binutils-master-2017q4","users/ARM/embedded-binutils-master-2018q4","users/ARM/embedded-gdb-master-2017q4","users/ARM/embedded-gdb-master-2018q4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9070.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}