63 matches found
CVE-2017-9756
The aarch64extldstreglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during...
CVE-2017-9742
The scoreopcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D"...
GNU binutils - disassemble_bytes Heap Overflow
GNU binutils - disassemblebytes Heap Overflow Source: https://sourceware.org/bugzilla/showbug.cgi?id=21580 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
GNU binutils - 'decode_pseudodbg_assert_0' Buffer Overflow
Source: https://sourceware.org/bugzilla/showbug.cgi?id=21586 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the reduced stacktrace with links to the correspondin...
GNU binutils - disassemble_bytes Heap Overflow Exploit
Exploit for linux platform in category dos / poc Source: https://sourceware.org/bugzilla/showbug.cgi?id=21580 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
GNU binutils - decode_pseudodbg_assert_0 Buffer Overflow Exploit
Exploit for linux platform in category dos / poc Source: https://sourceware.org/bugzilla/showbug.cgi?id=21586 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
GNU binutils - bfd_get_string Stack Buffer Overflow
GNU binutils - bfdgetstring Stack Buffer Overflow Source: https://sourceware.org/bugzilla/showbug.cgi?id=21581 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
CVE-2017-7614
elflink.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via ...
CVE-2017-7608
The eblobjectnotetypename function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file...
CVE-2017-7609
elfcompress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service memory consumption via a crafted ELF file...
CVE-2017-7223
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow of size 1 while attempting to unget an EOF character from the input stream, potentially leading to a program crash...
CVE-2017-7209
The dumpsectionasbytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash...
CVE-2016-3706
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...
Security fix for the ALT Linux 5 package glibc version 6:2.11.2-alt1.M51.2
6:2.11.2-alt1.M51.2 built Jan. 28, 2015 Gleb Fotengauer-Malinovskiy in task 139340 Jan. 28, 2015 Gleb Fotengauer-Malinovskiy - Backported upstream fix for Sourceware15014 CVE-2015-0235...
CVE-2014-8484
The srecscan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service out-of-bounds read via a small S-record...
CVE-2014-8501
The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable...
CVE-2013-4357
The eglibc package before 2.14 incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service...
CVE-2013-1914
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.17 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of domain conversion results...
CVE-2012-6656
iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8...
Security fix for the ALT Linux 7 package glibc version 6:2.11.3-alt4
April 28, 2011 Dmitry V. Levin 6:2.11.3-alt4 - Backported upstream fixes for Sourceware12393, Sourceware12583 CVE-2011-1659 and Sourceware12685. - Fixed nscd reload closes: 25379. - glibc-utils: dropped rpcinfo which is now provided by rpcbind = 0.2.1-alt0.4...