
Advisory ROSA-SA-2021-1808

2021-07-02 16:33:56
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.3 High (Confidence: High)

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low (Percentile: 64.0%)

Software: binutils 2.27
OS: Cobalt 7.9

CVE-ID: CVE-2017-12448
CVE-Crit: HIGH
CVE-DESC: The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause a heap use-after-free and possibly achieve code execution via a crafted nested archive file. This problem occurs because incorrect functions are called when attempting to free memory. The problem can be resolved by improved input validation in the bfd_generic_archive_p function in bfd/archive.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12449
CVE-Crit: HIGH
CVE-DESC: The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap read via a crafted vms file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12450
CVE-Crit: HIGH
CVE-DESC: The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap write and possibly achieve code execution via a crafted vms alpha file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12451
CVE-Crit: HIGH
CVE-DESC: The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds stack read via a crafted COFF image file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12452
CVE-Crit: HIGH
CVE-DESC: The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap read via a crafted mach-o file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12453
CVE-Crit: HIGH
CVE-DESC: The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap read via a crafted vms alpha file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12454
CVE-Crit: HIGH
CVE-DESC: The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12455
CVE-Crit: HIGH
CVE-DESC: The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap read via a crafted vms alpha file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12456
CVE-Crit: HIGH
CVE-DESC: The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap read via a crafted binary file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12457
CVE-Crit: HIGH
CVE-DESC: The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause a NULL pointer dereference via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12458
CVE-Crit: HIGH
CVE-DESC: The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap read via a crafted nlm file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-12459
CVE-Crit: HIGH
CVE-DESC: The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (also known as libbfd) distributed in GNU Binutils 2.29 and earlier allows remote attackers to cause an out-of-bounds heap access and possibly achieve code execution via a crafted mach-o file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19931
CVE-Crit: HIGH
CVE-DESC: A problem was found in the Binary File Descriptor (BFD) library (also known as libbfd), which was distributed in GNU Binutils before 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not limited.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19932
CVE-Crit: MEDIUM
CVE-DESC: A problem was found in the Binary File Descriptor (BFD) library (also known as libbfd), which was distributed in GNU Binutils before 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-20671
CVE-Crit: MEDIUM
CVE-DESC: load_specific_debug_section in objdump.c in GNU Binutils before 2.31.1 contains an integer overflow vulnerability that can cause a heap-based buffer overflow via a crafted section size.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-1010204
CVE-Crit: MEDIUM
CVE-DESC: GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: incorrect input validation, signed/unsigned comparison, out-of-bounds read. Consequences: denial of service. Component: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. Attack vector: an ELF file with an invalid e_shoff header field must be opened.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35507
CVE-Crit: MEDIUM
CVE-DESC: There is a bug in bfd_pef_parse_function_stubs from bfd/pef.c in binutils in versions prior to 2.34 that could allow an attacker who can submit a crafted file for objdump processing to cause a NULL pointer dereference. The biggest threat from this vulnerability is to application availability.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35496
CVE-Crit: MEDIUM
CVE-DESC: There is a bug in bfd_pef_scan_start_address() from bfd/pef.c in binutils that could allow an attacker who can submit a crafted file for objdump processing to cause a NULL pointer dereference. The biggest threat from this vulnerability is to application availability. This flaw affects versions of binutils prior to 2.34.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35495
CVE-Crit: MEDIUM
CVE-DESC: There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file to be processed by the objdump program can cause a NULL pointer dereference. The biggest threat from this flaw is to application availability. This flaw affects versions of binutils prior to 2.34.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35494
CVE-Crit: MEDIUM
CVE-DESC: There is a flaw in binutils /opcodes/tic4x-dis.c. An attacker who can submit a crafted input file to be processed by binutils can cause use of uninitialized memory. The biggest threat is to application availability, with a smaller threat to data confidentiality. This flaw affects versions of binutils prior to 2.34.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35493
CVE-Crit: MEDIUM
CVE-DESC: There is a flaw in binutils in bfd/pef.c. An attacker who can submit a crafted PEF file to be parsed by objdump can cause a heap buffer overflow leading to an out-of-bounds read, which can affect application availability. This flaw affects binutils versions prior to 2.34.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-20197
CVE-Crit: MEDIUM
CVE-DESC: There is an open race window when writing output in the following GNU binutils utilities, version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script that updates binaries for different users), an unprivileged user can trick these utilities into taking ownership of arbitrary files via a symbolic link.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-20294
CVE-Crit: HIGH
CVE-DESC: A bug was found in the binutils program readelf 2.35. An attacker who can convince a victim to use readelf to read a crafted file can cause a stack buffer overflow, an out-of-bounds write of arbitrary data provided by the attacker. The biggest impact of this flaw is on confidentiality, integrity and availability.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-3487
CVE-Crit: MEDIUM
CVE-DESC: There is a bug in the BFD library of binutils in versions prior to 2.36. An attacker who provides a crafted file to an application linked with BFD that uses the DWARF functionality can affect system availability through excessive memory consumption.
CVE-STATUS: default
CVE-REV: default
