18 matches found
CLSA-2026-1777969446 binutils: Fix of 8 CVEs
CVE-2021-45078: fix heap-based buffer overflow in stabxcoffbuiltintype - CVE-2021-46174: fix buffer overflow in readsectionstabsdebugginginfo - CVE-2022-44840: fix heap buffer overflow in findsectioninset - CVE-2022-45703: fix heap buffer overflow in displaygdbindex - CVE-2022-47695: fix...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an exception in the RCU read section where the cachestat function is refreshing statistics...
SUSE CVE-2024-27053
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ 333 N...
The vulnerability of the read_section function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.
The vulnerability of the readsection function in the dwarf2.c component of the GNU Binutils development environment relates to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created ELF file...
The vulnerability of the read_section() function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.
The vulnerability of the readsection function in the dwarf2.c component of the GNU Binutils development environment is related to insufficient input data validation. Exploiting this vulnerability allows an attacker who operates remotely to trigger a service failure using a specially created file...
CLSA-2021-1635459149 Fix CVE(s): CVE-2021-3487
SECURITY UPDATE: - CVE-2021-3487.patch: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c readsection. - CVE-2021-3487...
CLSA-2021-1633442827 Fix of CVE: CVE-2021-3487
CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c readsection...
The vulnerability in the implementation of the read_section_as_string() function of the Grub2 operating system allows a attacker to influence data integrity or cause service failures.
The vulnerability of the readsectionasstring function in the Grub2 operating system’s loader is related to the issue of data operations going beyond the buffer boundaries. This is because the maximum length of a UINT32MAX is 1 byte. Exploiting this vulnerability could allow an attacker to influen...
grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...
grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...
grub2 heap buffer overflow vulnerability (CNVD-2020-45111)
GRUB2 is a bootloader. A heap buffer overflow vulnerability exists in the readsectionasstring function in grub2 versions prior to 2.06. An attacker can exploit this vulnerability to cause an arithmetic overflow and zero-size allocation via a malicious font file with the name UINT32MAX, which can...
ALPINE-CVE-2020-14310
There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...
grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...
grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...
UBUNTU-CVE-2020-14310
There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...
PT-2020-3622 · Gnu +7 · Grub2 +7
Name of the Vulnerable Software and Affected Versions: grub2 versions prior to 2.06 Description: The issue is related to the read section as string function, which expects a font name to be at most UINT32 MAX - 1 length in bytes but does not verify it before proceeding with buffer allocation. Thi...
DEBIAN-CVE-2017-14129
The readsection function in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service parsecompunit heap-based buffer over-read and application crash via a crafted ELF file...
DEBIAN-CVE-2009-1755
Off-by-one error in the packetreadquerysection function in packet.c in nsd 3.2.1, and processquerysection in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow...