
622 matches found

OSV
added 2026/05/21 12:11 a.m. | 2 views

OSV-2026-785 Heap-double-free in _dwarf_load_elf_symtab_symbols

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514753154 Crash type: Heap-double-free Crash state: _dwarf_load_elf_symtab_symbols _dwarf_elf_nlsetup dwarf_init_path_dl_a...

5.8 AI score
Exploits: 0 | References: 1
Rosalinux
added 2026/05/19 2:09 p.m. | 8 views

Advisory ROSA-SA-2026-3277

software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-8 affected versions binutils-2.38-8 CVE-ID: CVE-2025-69652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readelf utility of the GNU Binutils package is related to incorrect processing of specially...

6.2 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits: 1
OSV
added 2026/05/18 8:31 a.m. | 4 views

CLSA-2026-1779093100 binutils: Fix of 6 CVEs

CVE-2022-38533: fix heap buffer overflow in bfd_getl32 from strip_main with crafted COFF file - CVE-2022-47007: fix memory leak in stab_demangle_v3_arg in stabs.c - CVE-2022-47008: fix memory leak in make_tempdir and make_tempname in bucomm.c - CVE-2022-47010: fix memory leak in pr_function_type in...

6.5 CVSS | 6.8 AI score | 0.0009 EPSS
Exploits: 4 | References: 1
OSV
added 2026/05/16 12:08 a.m. | 1 views

OSV-2026-744 Heap-double-free in _dwarf_destruct_elf_nlaccess

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513032442 Crash type: Heap-double-free Crash state: _dwarf_destruct_elf_nlaccess _dwarf_elf_nlsetup dwarf_init_path_dl_a...

5.8 AI score
Exploits: 0 | References: 1
OSV
added 2026/05/05 2:54 a.m. | 2 views

CLSA-2026-1777949670 binutils: Fix of 8 CVEs

CVE-2025-11412: fix out-of-bounds read in bfd_elf_gc_record_vtentry - CVE-2025-11413: fix out-of-bounds read in elf_link_add_object_symbols - CVE-2025-11839: fix abort in tg_tag_type with fuzzed input - CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing - CVE-2025-3198: fix memory leak...

6.2 CVSS | 6.1 AI score | 0.00032 EPSS
Exploits: 7 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in binutils

An issue was discovered in the Binary File Descriptor (BFD) library, also known as libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow that leads to a segmentation fault in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by the nm tool...

6.5 CVSS | 6.8 AI score | 0.00741 EPSS
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in binutils

A vulnerability was discovered in GNU Binutils 2.44 and is classified as problematic. This issue affects the process_debug_info function in the binutils/dwarf.c file, within the DWARF Section Handler component. The vulnerability results in a memory leak. Local attacks are required to exploit this...

4.8 CVSS | 5.3 AI score | 0.00088 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2026/04/28 12:00 a.m. | 5 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-10704)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10704 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...

9.8 CVSS | 5.6 AI score | 0.00022 EPSS
Exploits: 0 | References: 7
Oracle linux
added 2026/04/27 12:00 a.m. | 4 views

go-toolset:ol8 security update

delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.9-1 - Update to Go 1.25.9 fips-2 - Resolves: RHEL-169932 1.25.7-2 - Update to Go 1.25.8 fips-1 - Resolves: RHEL-156551...

9.8 CVSS | 5.4 AI score | 0.00022 EPSS
Exploits: 0
OSV
added 2026/04/24 9:04 a.m. | 2 views

CLSA-2026-1775726631 binutils: Fix of 9 CVEs

CVE-2023-1972: fix heap buffer overflow in _bfd_elf_slurp_version_tables - CVE-2025-11412: fix out-of-bounds read in bfd_elf_gc_record_vtentry - CVE-2025-11413: fix out-of-bounds read in elf_link_add_object_symbols - CVE-2025-11839: fix abort in tg_tag_type with fuzzed input - CVE-2025-11840: fix SEGV from NULL...

6.5 CVSS | 6.3 AI score | 0.0009 EPSS
Exploits: 7 | References: 1
Packet Storm News
added 2026/04/21 12:00 a.m. | 0 views

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

5.7 AI score
Exploits: 0
Tenable Nessus
added 2026/04/21 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2...

8.5 CVSS | 6 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/20 1:44 p.m. | 1 views

CVE-2026-40527

A flaw was found in radare2. A remote attacker can exploit this by crafting an ELF (Executable and Linkable Format) binary that embeds malicious commands within its DWARF (Debugging With Attributed Record Formats) parameter names. When radare2 analyzes such a binary, these embedded commands are...

8.5 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
Oracle linux
added 2026/04/20 12:00 a.m. | 5 views

delve security update

1.25.2-3.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-3 - Rebuild with latest Go...

7.5 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0
Tenable Nessus
added 2026/04/20 12:00 a.m. | 4 views

Oracle Linux 10 : delve (ELSA-2026-8842)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-8842 advisory. 1.25.2-3.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-3 - Rebuild with latest Go Tenable has extracted the preceding...

7.5 CVSS | 8 AI score | 0.00044 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/04/17 9:31 p.m. | 1 views

EUVD-2026-23534

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 6.2 AI score | 0.00033 EPSS
Exploits: 0 | References: 4
NVD
added 2026/04/17 9:16 p.m. | 0 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 0.00033 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/17 8:25 p.m. | 1 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 6.2 AI score | 0.00033 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2026/04/17 8:25 p.m. | 4 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0
Vulnrichment
added 2026/04/17 8:25 p.m. | 1 views

CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 6.2 AI score | 0.00033 EPSS
Exploits: 0 | References: 3