EUVD-2018-2606

Malware in sbrugna...

SUSE CVE-2018-6759

The bfdgetdebuglinkinfo1 function in opncls.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault via a crafted ELF file...

CVE-2018-12698

demangletemplate in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption aka OOM during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump...

CVE-2018-13033

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted ELF file, as demonstrated by bfdelfparseattributes in elf-attrs.c and bfdmalloc in libbfd.c...

EulerOS 2.0 SP2 : binutils (EulerOS-SA-2019-2450)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++...

CVE-2018-7642

The swapstdrelocin function in aoutx.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service aout32swapstdrelocout NULL pointer dereference and application crash via a crafted ELF file, as demonstrated by...

CVE-2018-12697

A NULL pointer dereference aka SEGV on unknown address 0x000000000000 was discovered in workstuffcopytofrom in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump...

NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Multiple Vulnerabilities (NS-SA-2019-0060)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected by multiple vulnerabilities: - The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service...

EulerOS 2.0 SP8 : binutils (EulerOS-SA-2019-1790)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference aka SEGV on unknown address 0x000000000000 was discovered in workstuffcopytofrom in cplus-dem.c in GNU libiberty, a...

EulerOS Virtualization for ARM 64 3.0.1.0 : binutils (EulerOS-SA-2019-1377)

According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - concatfilename in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30,...

Amazon Linux 2 : binutils (ALAS-2019-1138)

An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7568 The ignoresectionsym function in elf.c in the Binary Fi...

Heap overflow

finishstab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump...

CVE-2018-12697

A NULL pointer dereference aka SEGV on unknown address 0x000000000000 was discovered in workstuffcopytofrom in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump...

CVE-2018-12699

finishstab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump...

Null pointer dereference

A NULL pointer dereference aka SEGV on unknown address 0x000000000000 was discovered in workstuffcopytofrom in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump...

Stack overflow

An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...

CVE-2018-12641

An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...

CVE-2018-12641

CVE-2018-12641 affects GNU Binutils 2.30, causing stack exhaustion in the libiberty C++ demangling code (arm_pt in cplus-dem.c) during nm-new due to recursive stack frames (demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, demangle_nested_args). Th...

CVE-2018-10535

The ignoresectionsym function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, does not validate the outputsection pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial o...

CVE-2018-10534

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...