Lucene search

K

GNU Binutils Security Vulnerabilities

cve
cve

CVE-2022-47007

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory...

5.5CVSS

5.9AI Score

0.0004EPSS

2023-08-22 07:16 PM
29
cve
cve

CVE-2022-47695

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in...

7.8CVSS

7.3AI Score

0.001EPSS

2023-08-22 07:16 PM
91
cve
cve

CVE-2022-47008

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory...

5.5CVSS

5.9AI Score

0.0004EPSS

2023-08-22 07:16 PM
32
cve
cve

CVE-2022-44840

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file...

7.8CVSS

7.7AI Score

0.001EPSS

2023-08-22 07:16 PM
109
cve
cve

CVE-2022-47696

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function...

7.8CVSS

7.3AI Score

0.001EPSS

2023-08-22 07:16 PM
103
cve
cve

CVE-2022-47673

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified...

7.8CVSS

7.4AI Score

0.001EPSS

2023-08-22 07:16 PM
106
cve
cve

CVE-2021-46174

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-08-22 07:16 PM
35
cve
cve

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.8CVSS

8.2AI Score

0.001EPSS

2023-08-22 07:16 PM
99
cve
cve

CVE-2021-32256

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in...

6.5CVSS

6.6AI Score

0.001EPSS

2023-07-18 02:15 PM
93
cve
cve

CVE-2019-9070

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive...

7.8CVSS

7.5AI Score

0.002EPSS

2019-02-24 12:29 AM
84
2
cve
cve

CVE-2019-9077

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option...

7.8CVSS

7.7AI Score

0.001EPSS

2019-02-24 12:29 AM
159
3
cve
cve

CVE-2019-14250

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer...

5.5CVSS

6.4AI Score

0.001EPSS

2019-07-24 04:15 AM
317
cve
cve

CVE-2019-14444

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by...

5.5CVSS

6.2AI Score

0.001EPSS

2019-07-30 01:15 PM
135
cve
cve

CVE-2019-17450

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF...

6.5CVSS

6.3AI Score

0.007EPSS

2019-10-10 05:15 PM
260
cve
cve

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system...

5.5CVSS

6AI Score

0.001EPSS

2021-03-26 05:15 PM
107
2
cve
cve

CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can...

6.3CVSS

6.3AI Score

0.0004EPSS

2021-03-26 05:15 PM
125
cve
cve

CVE-2020-35507

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application...

5.5CVSS

5.7AI Score

0.001EPSS

2021-01-04 03:15 PM
125
5
cve
cve

CVE-2021-3549

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to...

7.1CVSS

6.6AI Score

0.001EPSS

2021-05-26 09:15 PM
76
3
cve
cve

CVE-2017-14745

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash).....

7.8CVSS

6.8AI Score

0.001EPSS

2022-10-03 04:23 PM
50
cve
cve

CVE-2017-13716

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library...

5.5CVSS

5.7AI Score

0.001EPSS

2022-10-03 04:23 PM
79
cve
cve

CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs...

7.8CVSS

6.6AI Score

0.002EPSS

2022-10-03 04:23 PM
47
cve
cve

CVE-2017-12452

The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o...

7.8CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:23 PM
56
cve
cve

CVE-2017-12450

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha...

7.8CVSS

6.6AI Score

0.001EPSS

2022-10-03 04:23 PM
43
cve
cve

CVE-2017-12458

The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm...

7.8CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:23 PM
46
cve
cve

CVE-2017-12455

The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha...

7.8CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:23 PM
53
cve
cve

CVE-2017-12449

The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms...

7.8CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:23 PM
45
cve
cve

CVE-2017-12453

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha...

7.8CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:23 PM
45
cve
cve

CVE-2017-12454

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha...

7.8CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:23 PM
47
cve
cve

CVE-2017-12457

The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted...

7.8CVSS

5.8AI Score

0.001EPSS

2022-10-03 04:23 PM
42
cve
cve

CVE-2017-12451

The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image...

7.8CVSS

5.8AI Score

0.001EPSS

2022-10-03 04:23 PM
59
cve
cve

CVE-2017-12459

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o...

7.8CVSS

7.6AI Score

0.001EPSS

2022-10-03 04:23 PM
47
cve
cve

CVE-2017-7226

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as...

9.1CVSS

6.8AI Score

0.002EPSS

2022-10-03 04:23 PM
39
cve
cve

CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component...

7.8CVSS

7.6AI Score

0.001EPSS

2021-11-18 10:15 PM
57
cve
cve

CVE-2021-3530

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a...

7.5CVSS

7.2AI Score

0.002EPSS

2021-06-02 03:15 PM
70
cve
cve

CVE-2019-9076

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in...

5.5CVSS

6.1AI Score

0.002EPSS

2019-02-24 12:29 AM
65
2
cve
cve

CVE-2019-9074

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in...

5.5CVSS

5.9AI Score

0.001EPSS

2019-02-24 12:29 AM
167
2
cve
cve

CVE-2019-9075

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in...

7.8CVSS

7.7AI Score

0.001EPSS

2019-02-24 12:29 AM
184
2
cve
cve

CVE-2019-9072

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in...

5.5CVSS

5.5AI Score

0.004EPSS

2019-02-24 12:29 AM
64
2
cve
cve

CVE-2019-9073

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in...

5.5CVSS

6.1AI Score

0.002EPSS

2019-02-24 12:29 AM
88
2
cve
cve

CVE-2019-9071

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive...

5.5CVSS

6.1AI Score

0.002EPSS

2019-02-24 12:29 AM
87
2
cve
cve

CVE-2018-20712

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by...

6.5CVSS

6.3AI Score

0.001EPSS

2019-01-15 12:29 AM
61
cve
cve

CVE-2018-20673

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by...

5.5CVSS

5.7AI Score

0.0004EPSS

2019-01-04 06:29 PM
89
cve
cve

CVE-2018-20657

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to...

7.5CVSS

7AI Score

0.005EPSS

2019-01-02 02:29 PM
51
cve
cve

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF...

5.5CVSS

5.9AI Score

0.001EPSS

2018-12-31 07:29 PM
134
4
cve
cve

CVE-2018-18700

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this...

5.5CVSS

6AI Score

0.002EPSS

2018-10-29 12:29 PM
54
cve
cve

CVE-2018-18701

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this...

5.5CVSS

6AI Score

0.002EPSS

2018-10-29 12:29 PM
54
cve
cve

CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type,...

5.5CVSS

6AI Score

0.002EPSS

2018-10-18 09:29 PM
132
cve
cve

CVE-2018-18483

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by....

7.8CVSS

6.6AI Score

0.01EPSS

2018-10-18 09:29 PM
123
cve
cve

CVE-2018-17985

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P'...

5.5CVSS

6AI Score

0.002EPSS

2018-10-04 11:29 PM
127
cve
cve

CVE-2018-17794

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from...

6.5CVSS

6.6AI Score

0.002EPSS

2018-09-30 08:29 PM
58
Total number of security vulnerabilities225