EulerOS Virtualization 2.13.0 : binutils (EulerOS-SA-2026-2396)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of- bounds read in the bfd...

CVE-2026-49497

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

CVE-2026-49497

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

EUVD-2026-36006

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

CVE-2026-49497

CVE-2026-49497 concerns Ghidra before 12.1, which contains a path traversal flaw in the SameDirDebugInfoProvider. The bug arises because filenames from ELF binary .gnu_debuglink sections are not validated before file paths are built, enabling a local attacker to craft malicious ELF binaries with ...

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from SameDirDebugInfoProvider failing to valida...

EulerOS 2.0 SP13 : binutils (EulerOS-SA-2026-2280)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of- bounds read in the bfd linker, allows a...

EulerOS 2.0 SP11 : binutils (EulerOS-SA-2026-2198)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header...

OSV-2026-785 Heap-double-free in _dwarf_load_elf_symtab_symbols

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514753154 Crash type: Heap-double-free Crash state: dwarfloadelfsymtabsymbols dwarfelfnlsetup dwarfinitpathdla...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow that leads to a segmentation fault in bfddwarf2findnearestline in dwarf2.c, as demonstrated by the nm tool...

Advisory ROSA-SA-2026-3277

software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-8 affected versions binutils-2.38-8 CVE-ID: CVE-2025-69652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readelf utility of the GNU Binutils package is related to incorrect processing of specially...

CLSA-2026-1779093100 binutils: Fix of 6 CVEs

CVE-2022-38533: fix heap buffer overflow in bfdgetl32 from stripmain with crafted COFF file - CVE-2022-47007: fix memory leak in stabdemanglev3arg in stabs.c - CVE-2022-47008: fix memory leak in maketempdir and maketempname in bucomm.c - CVE-2022-47010: fix memory leak in prfunctiontype in...

OSV-2026-744 Heap-double-free in _dwarf_destruct_elf_nlaccess

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513032442 Crash type: Heap-double-free Crash state: dwarfdestructelfnlaccess dwarfelfnlsetup dwarfinitpathdla...

CLSA-2026-1777949670 binutils: Fix of 8 CVEs

CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing - CVE-2025-3198: fix memory leak...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-10704)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10704 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...

go-toolset:ol8 security update

delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.9-1 - Update to Go 1.25.9 fips-2 - Resolves: RHEL-169932 1.25.7-2 - Update to Go 1.25.8 fips-1 - Resolves: RHEL-156551...

CLSA-2026-1775726631 binutils: Fix of 9 CVEs

CVE-2023-1972: fix heap buffer overflow in bfdelfslurpversiontables - CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL...

Linux Distros Unpatched Vulnerability : CVE-2026-40527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2...