100 matches found
CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...
ROS-20260506-73-0005
A vulnerability in the processdebuginfo function of the GNU Binutils development tool is related to improper cleanup during exception handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Unity Linux 20.1070e Security Update: binutils (UTSA-2026-007092)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007092 advisory. A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function processdebuginfo of the file binutils/dwarf.c of the...
SUSE CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the debugrnglists function. An attacker can cause the application to enter a non-terminating output loop by supplying a crafted binary with malformed DWARF, resulting in repeated warning messages and requiring manual...
Linux Distros Unpatched Vulnerability : CVE-2025-69644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug...
DEBIAN-CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
EUVD-2025-208343
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...
DEBIAN-CVE-2025-69645
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...
CVE-2025-69644
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...
UBUNTU-CVE-2025-69645
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...
PT-2026-23729
Name of the Vulnerable Software and Affected Versions Binutils version 2.44 Description Binutils objdump is susceptible to a denial-of-service condition when processing a specially crafted binary file containing improperly formatted DWARF debug information. A flaw in the handling of DWARF...
CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...
Astra Linux – Vulnerability in binutils
A vulnerability was discovered in GNU Binutils 2.44 and is classified as problematic. This issue affects the processdebuginfo function in the binutils/dwarf.c file, within the DWARF Section Handler component. The vulnerability results in a memory leak. Local attacks are required to exploit this...
CasaOS 安全漏洞
CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A security vulnerability exists in CasaOS 0.4.15 and earlier versions, which stems from the exposure of multiple unauthenticated endpoints and could lead to the disclosure of sensitive configuration files and system...
CLSA-2025-1766051004 Fix CVE(s): CVE-2025-8225
SECURITY UPDATE: debuginformation memory leak in processdebuginfo - debian/patches/CVE-2025-8225.patch: prevent memory leak by checking allocnumdebuginfoentries instead of numdebuginfoentries to determine whether debuginformation has been allocated - CVE-2025-8225...
SUSE-SU-2025:4091-1 Security update for cargo-packaging, rust-bindgen
This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: - CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber bsc1249012 Other fixes: - Prevent stripping debug info bsc1222175 rust-bindgen was updated to 0.72.0...