Total
224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8421 | 1 Gnu | 1 Binutils | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. | |||||
| CVE-2018-12641 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. | |||||
| CVE-2018-9996 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. | |||||
| CVE-2017-17080 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. | |||||
| CVE-2018-20712 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. | |||||
| CVE-2018-12699 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2019-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | |||||
| CVE-2018-12697 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2019-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | |||||
| CVE-2018-10535 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. | |||||
| CVE-2018-10534 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. | |||||
| CVE-2018-10373 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. | |||||
| CVE-2018-10372 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. | |||||
| CVE-2017-9756 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9755 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9751 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9750 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9749 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9746 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. | |||||
| CVE-2017-9743 | 1 Gnu | 1 Binutils | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-7227 | 1 Gnu | 1 Binutils | 2018-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | |||||
| CVE-2017-7225 | 1 Gnu | 1 Binutils | 2018-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | |||||