Integer overflow

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in bfddwarf2findnearestline in dwarf2.c, as demonstrated by nm...

CVE-2019-17451

CVE-2019-17451 is a vulnerability in GNU Binutils 2.32 (libbfd) where an integer overflow in _bfd_dwarf2_find_nearest_line (dwarf2.c) can cause a SEGV. Affected products reference Binutils in various IBM Netezza/NPS advisories and Astra Linux; remediation is to upgrade to a newer Binutils version...

Denial Of Service (Dos)

binutils is vulnerable to denial of service. Stack Exhaustion in the demangling functions allow an attacker to crash the application during execution of nm-new...

binutils: Stack Exhaustion in the demangling functions provided by libiberty

An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...

fis-nm (>=1.0.0 <=1.0.3), fis-packager-autopack (>=0.0.19 <=0.2.1) +6 more potentially affected by unknown CVE via concat-stream (=1.4.1)

concat-stream NPM version =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on concat-stream and may be impacted: - fis-nm =1.0.0, =0.0.19, =0.0.1, =0.0.1, =0.0.5, =0.0.6, =0.4.1, =0.4.0, =0.4.1 Source cves: unknown CVE Source advisory:...

[SECURITY] Fedora 29 Update: elfutils-0.176-1.fc29

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, elflint to check for well-formed ELF file...

CVE-2019-7149

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

Heap overflow

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

CVE-2019-7149

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

CVE-2019-7149

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

PT-2019-1675 · Red Hat +5 · Elfutils +6

Name of the Vulnerable Software and Affected Versions: elfutils version 0.175 Description: A heap-based buffer over-read was discovered in the read srclines function in dwarf getsrclines.c in libdw in elfutils. This issue can be exploited by a crafted input, causing segmentation faults and leadin...

Integer overflow

The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability for "Create an array for saving the template argument values" that can trigger a heap-based buffer overflow, as demonstrated by nm...

CVE-2018-20673

CVE-2018-20673 affects the GNU libiberty component (demangle_template() in cplus-dem.c) shipped with GNU Binutils 2.31.1, causing an integer overflow that can lead to a heap-based buffer overflow when creating an array for template argument values (as demonstrated by nm). Connected advisories ref...

CVE-2018-20673

The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability for "Create an array for saving the template argument values" that can trigger a heap-based buffer overflow, as demonstrated by nm...

[SECURITY] Fedora 29 Update: elfutils-0.174-5.fc29

Elfutils is a collection of utilities, including stack to show backtraces, nm for listing symbols from object files, size for listing the section sizes of an object or archive file, strip for discarding symbols, readelf to see the raw ELF file structures, elflint to check for well-formed ELF file...

binutils: Uncontrolled Resource Consumption in execution of nm

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted ELF file, as demonstrated by bfdelfparseattributes in elf-attrs.c and bfdmalloc in libbfd.c...

CVE-2018-18700

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could leverage this vulnerability to...

UBUNTU-CVE-2018-18701

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions nextistypequal and cplusdemangletype in cp-demangle.c. Remote attackers could leverage this vulnerability t...

Design/Logic Flaw

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could leverage this vulnerability to...

CVE-2018-18700

CVE-2018-18700 affects GNU Binutils 2.31 with a stack consumption vulnerability caused by infinite recursion in cp-demangle.c (functions d_name(), d_encoding(), d_local_name()). The issue enables a remote attacker to trigger a denial-of-service via an ELF file, as demonstrated by nm. Connected As...