Medium: gsl

Issue Overview: A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing a maliciously crafted input data for gslstatsquantilefromsorteddata of the library may lead to unexpected application...

Amazon Linux 2023 : gsl, gsl-devel (ALAS2023-2023-353)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-353 advisory. A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing a maliciously crafted input data for...

The vulnerability of the `parse_module` function in the GNU Binutils development environment, which involves reading beyond the buffer boundaries in memory, allows an attacker to trigger a service failure or cause other adverse effects.

The vulnerability of the parsemodule function in the GNU Binutils development environment is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure or exert other adverse effects...

The vulnerability of the libbfd library in the GNU Binutils development environment, related to reading beyond the buffer boundaries in memory, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the libbfd library in the GNU Binutils development environment, within the Debian GNU operating system, relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the bfd_pef_parse_function_stubs function (bfd/pef.c) in the GNU Binutils development environment, related to the handling of zero pointers, allows a malicious actor to trigger a service failure.

The vulnerability of the bfdpefparsefunctionstubs function bfd/pef.c in the GNU Binutils development environment is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the GNU Binutils development tool lies in the improper handling of references before accessing files. This allows attackers to exploit their privileges.

The vulnerability of the GNU Binutils development tool lies in the incorrect definition of the reference before accessing a file. Exploiting this vulnerability can allow an attacker to enhance their privileges...

The vulnerability of the libbfd library in the GNU Binutils development environment, related to the handling of zero pointer operations, allows attackers to trigger a service failure.

The vulnerability of the libbfd library in the GNU Binutils development environment is related to the use of a zero pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the process_symbol_table function in the GNU Binutils development environment allows a hacker to trigger a service failure.

The vulnerability of the processsymboltable function in the GNU Binutils development environment is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...

The vulnerability of the bfd_mach_o_get_synthetic_symtab function in the GNU Binutils development environment allows a attacker to cause a service failure or exert other effects.

The vulnerability of the bfdmachogetsyntheticsymtab function in the GNU Binutils development toolset is related to insufficient input validation. Exploiting this vulnerability could allow an attacker to cause service failures or other adverse effects...

The vulnerability of the `parse_stab_struct_fields` function in the GNU Binutils development environment, related to a memory leak, allows an attacker to cause a service failure.

The vulnerability of the parsestabstructfields function in the GNU development environment is related to a memory release error. Exploiting this vulnerability could allow an attacker to cause a service failure...

Vulnerability of the bfd_pef_parse_function_stubs function in the GNU Binutils development environment, caused by buffer overflow in dynamic memory, allowing an attacker to trigger a stack overflow.

The vulnerability of the bfdpefparsefunctionstubs function in the GNU Binutils development toolset, located in the bfd/pef.c file, is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability could allow an attacker to trigger a stack overflow...

USN-6381-1: GNU binutils vulnerabilities

It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service memory exhaustion. CVE-2020-19724, CVE-2020-21490 It was discovered that GNU binutils was not properly performing bounds checks in several functions...

AZL-34732 CVE-2023-4527 affecting package glibc for versions less than 2.38-11

A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

Ubuntu 16.04 ESM / 18.04 ESM : GNU binutils vulnerabilities (USN-6381-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6381-1 advisory. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of...

Fedora: Security Advisory (FEDORA-2023-845edc1181)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64

...

USN-6373-1 gawk vulnerability

It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service...

SUSE CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

SUSE CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaihinet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

AZL-28769 CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...