USN-6381-1: GNU binutils vulnerabilities

It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service memory exhaustion. CVE-2020-19724, CVE-2020-21490 It was discovered that GNU binutils was not properly performing bounds checks in several functions...

AZL-34732 CVE-2023-4527 affecting package glibc for versions less than 2.38-11

A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

Ubuntu 16.04 ESM / 18.04 ESM : GNU binutils vulnerabilities (USN-6381-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6381-1 advisory. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of...

Fedora: Security Advisory (FEDORA-2023-845edc1181)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64

...

USN-6373-1 gawk vulnerability

It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service...

SUSE CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

SUSE CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaihinet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

AZL-28769 CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

DEBIAN-CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaihinet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

glibc Resource Management Error Vulnerability

glibc GNU C Library is a C standard library implemented by a GNU project of the GNU community. A resource management error vulnerability exists in glibc, which stems from the fact that the gaihinet function may use freed memory, causing the application to crash...

PT-2023-5294 · Gcc +3 · Gcc +3

Name of the Vulnerable Software and Affected Versions: GCC versions prior to the fixed version Description: A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in an...

GCC Security Vulnerabilities

GCC is a collection of GNU compilers. It is primarily used to compile the C and C++ languages. A security vulnerability exists in GCC, which stems from the presence of a buffer overflow that could lead to an uncontrolled loss of availability or further compromise confidentiality or integrity...

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2803)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-2721)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-2752)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : indent (ALAS2023-2023-318)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-318 advisory. GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 Tenable has extracted the preceding description block directly from the tested product...

GNU Binutils Resource Management Error Vulnerability

GNU Binutils is a set of tools for working with binary files. A resource management error vulnerability exists in GNU Binutils, which stems from the function bfddwarf2findnearestlinewithalt in dwarf2.c containing an excessive memory consumption vulnerability that can be exploited by an attacker t...

[SECURITY] Fedora 37 Update: indent-2.2.13-4.fc37

Indent is a GNU program for beautifying C code, so that it is easier to read. Indent can also convert from one C writing style to a different one. Indent understands correct C syntax and tries to handle incorrect C syntax. Install the indent package if you are developing applications in C and you...

[SECURITY] Fedora 38 Update: indent-2.2.13-4.fc38

Indent is a GNU program for beautifying C code, so that it is easier to read. Indent can also convert from one C writing style to a different one. Indent understands correct C syntax and tries to handle incorrect C syntax. Install the indent package if you are developing applications in C and you...