Binutils Security Vulnerabilities - 2023
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
5.5CVSS
6.2AI Score
0.0004EPSS
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
8.8CVSS
8.2AI Score
0.002EPSS
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
5.5CVSS
6AI Score
0.0004EPSS
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
7.5CVSS
7.1AI Score
0.001EPSS
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
6.5CVSS
6.6AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
5.5CVSS
6.3AI Score
0.0004EPSS
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
5.5CVSS
5.6AI Score
0.0004EPSS
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
5.5CVSS
5.6AI Score
0.001EPSS
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
7.8CVSS
7.7AI Score
0.001EPSS
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
7.8CVSS
7.8AI Score
0.001EPSS
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
5.5CVSS
5.9AI Score
0.0004EPSS
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
5.5CVSS
5.9AI Score
0.0004EPSS
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
5.5CVSS
5.9AI Score
0.0004EPSS
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
5.5CVSS
5.9AI Score
0.0004EPSS
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
7.8CVSS
7.4AI Score
0.001EPSS
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
7.8CVSS
7.3AI Score
0.001EPSS
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
7.8CVSS
7.3AI Score
0.001EPSS
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
5.5CVSS
6AI Score
0.0004EPSS
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
5.5CVSS
6AI Score
0.0005EPSS
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
5.5CVSS
6.1AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.001EPSS
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
6.5CVSS
6.7AI Score
0.001EPSS
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
7.1CVSS
6.7AI Score
0.0005EPSS
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
5.5CVSS
6.7AI Score
0.0004EPSS
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
5.5CVSS
5.4AI Score
0.0004EPSS
A flaw was found in Binutils. The field the_bfd of asymbolstruct is uninitialized in the bfd_mach_o_get_synthetic_symtab function, which may lead to an application crash and local denial of service.
5.5CVSS
5.5AI Score
0.0004EPSS