27 matches found
CVE-2018-1000876
The CVE-2018-1000876 vulnerability affects GNU binutils up to version 2.32 and earlier, with the flaw in the object dump and relocation code (objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) that can trigger an integer overflow leading to a heap overflow. This could all...
CVE-2022-48064
CVE-2022-48064 affects GNU Binutils up to version 2.40, where an excessive memory consumption vulnerability in bfd_dwarf2_find_nearest_line_with_alt (dwarf2.c) can be triggered by a crafted ELF file, enabling a remote attacker to cause a DNS attack. IBM/Red Hat/Amazon advisories indicate this req...
CVE-2020-35507
CVE-2020-35507 (binutils) concerns a NULL pointer dereference in bfd_pef_parse_function_stubs in bfd/pef.c when processing crafted files with objdump, affecting versions prior to 2.34. This is a Binutils issue that can impact availability. The Astra Linux security bulletin mirrors this flaw and c...
CVE-2022-48065
CVE-2022-48065 affects GNU Binutils up to version 2.39.x (before 2.40). The vulnerability is a memory leak in the function find_abstract_instance in the file dwarf2.c . The issue can lead to increased memory consumption and, as reported in sources, potential crashes. The connected documents consi...
CVE-2022-45703
CVE-2022-45703 is a heap buffer overflow in GNU binutils' readelf tool (readelf.c, display_debug_section) affecting readelf before 2.40. The vulnerability could lead to arbitrary code execution or a crash per the description; the issue is addressed by upgrading to binutils 2.40 or newer. Exploita...
CVE-2022-48063
The connected sources confirm CVE-2022-48063 affects GNU Binutils prior to 2.40. The vulnerability is an excessive memory consumption issue in the load_separate_debug_files function (dwarf2.c). An attacker could create a crafted ELF file to trigger a DNS-based denial of service. Impact is limited...
CVE-2022-44840
CVE-2022-44840: A heap/denial-of-service vulnerability in GNU Binutils readelf.c (find_section_in_set) affects readelf up to version before 2.40. A locally authenticated attacker could craft input to trigger a heap-based buffer overflow, potentially causing a crash or denial of service. Public de...
CVE-2022-47673
CVE-2022-47673 concerns Binutils addr2line prior to 2.39.3, where parse_module contains multiple out-of-bounds reads that may cause a denial of service or other unspecified impacts. This vulnerability is consistently described across multiple connected sources as a Binutils addr2line issue with o...
CVE-2022-47696
CVE-2022-47696 is a vulnerability in GNU Binutils’ objdump prior to 2.39.3 where the function compare_symbols can be exploited to cause a denial of service and other unspecified impacts. The connected sources consistently describe this as a DoS in objdump and indicate the issue affects Binutils v...
CVE-2022-47695
GNU Binutils objdump before 2.39.3 is affected by CVE-2022-47695. The issue arises in bfd_mach_o_get_synthetic_symtab within match-o.c, enabling denial of service or other unspecified impacts. Affected product scope across multiple advisories references the binutils toolset (objdump) and confirms...
CVE-2020-35496
CVE-2020-35496 describes a vulnerability in binutils’ bfd_pef_scan_start_address() that could trigger a NULL pointer dereference when processing a crafted file with the BFD/PEF code, impacting affected binutils versions prior to 2.34. The issue arises from a flaw in how the function handles dwarf...
CVE-2020-35493
CVE-2020-35493 is a Binutils vulnerability in bfd/pef.c that can cause a heap-based buffer overflow and an out-of-bounds read, potentially impacting availability. It affects binutils versions prior to 2.34. Remediation: upgrade Binutils to version 2.34 or newer (or apply vendor-specific patches i...
CVE-2023-25584
CVE-2023-25584: An out-of-bounds read flaw exists in Binutils’ parse_module function (bfd/vms-alpha.c). Connected sources (Astra Linux bulletin and related entries) reiterate the same description, confirming a vulnerability in Binutils. Documented impact includes potential crashes and possible in...
CVE-2020-35494
CVE-2020-35494 targets GNU Binutils: a flaw in /opcodes/tic4x-dis.c can cause a denial of service via processing crafted input, due to use of uninitialized memory. Affected are binutils versions prior to 2.34. Impact is availability (partial confidentiality/none integrity per description). The co...
CVE-2025-0840
CVE-2025-0840 affects GNU Binutils up to 2.43, targeting the function disassemble_bytes in binutils/objdump.c. The vulnerability arises from manipulating the argument buf, causing a stack-based buffer overflow. A remote attacker can exploit this, with attack complexity labeled as high and exploit...
CVE-2020-35495
CVE-2020-35495 is a null pointer dereference in binutils/bfd/pef.c (bfd_pef_parse_symbols) triggered by specially crafted input processed by objdump. It affects Binutils prior to 2.34 and can impact availability via crash. Remediation is upgrading to a newer Binutils version; IBM/Netezza advisori...
CVE-2021-37322
CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.
CVE-2021-46174
CVE-2021-46174 is a heap-based buffer overflow in GNU Binutils objdump (function bfd_getl32). Multiple connected advisories reference the same issue, with descriptions asserting a heap overflow in Binutils objdump 3.37 and related components. The CVE is associated with potential denial-of-service...
CVE-2005-4808
The CVE-2005-4808 entry concerns a buffer overflow in the GNU Binutils gas assembler: reset_vars in config/tc-crx.c, vulnerable in Binutils before 20050714. Exploitation is described as user-assisted with unknown impact via a crafted .s file. Multiple connected records ( RH/CVE, Ubuntu USN-366-1,...
CVE-2020-19724
CVE-2020-19724: A memory consumption issue in get_data (binutils/nm.c) affects GNU nm prior to 2.34, enabling denial of service via crafted input. The primary technical detail is a memory‑based DoS in the get_data path of nm for nm.c; impact is a DoS condition. The Initial Description and connect...
CVE-2020-35342
CVE-2020-35342 (GNU Binutils) affects Binutils before 2.34, with an uninitialized-heap vulnerability in tic4x_print_cond (opcodes/tic4x-dis.c) that could lead to information leakage. Affected software: GNU Binutils; root cause: uninitialized heap memory in a print handler. Impact: potential infor...
CVE-2025-5244
CVE-2025-5244 affects GNU Binutils up to 2.44. The vulnerability is in the ld component, specifically the function elf_gc_sweep in bfd/elflink.c , where input length handling leads to memory corruption. The exploit requires a local attack vector, and public disclosures indicate the exploit is ava...
CVE-2005-4807
CVE-2005-4807 concerns the GNU Binutils gas assembler. The vulnerability is a stack-based buffer overflow in the as_bad function within messages.c, triggered by a .c file containing crafted inline assembly code. Under affected configurations, an attacker could potentially execute arbitrary code w...
CVE-2020-21490
CVE-2020-21490 is a memory-leak issue in GNU Binutils 2.34, triggered during disassembly of microblaze instructions (microblaze-dis.c). The memory consumption per disassembled instruction can lead to resource exhaustion and potential denial of service. Connected advisories (e.g., EulerOS summarie...
CVE-2025-5245
The CVE-2025-5245 entry pertains to GNU Binutils up to version 2.44, affecting the objdump component. The flaw is in the debug_type_samep function inside /binutils/debug.c, where improper data handling leads to memory corruption. This enables a local attacker to exploit the vulnerability, and pub...
CVE-2006-2362
CVE-2006-2362 is a buffer overflow in getsym in tekhex.c of libbfd (GNU Binutils) used by strings. Reported as exploitable to crash the application and possibly execute arbitrary code via a TekHex file with an invalid length character. Connected advisories (SUSE, Ubuntu USN-292-1, OpenVAS entries...
CVE-2025-69644
Binutils CVE-2025-69644 affects the objdump tool prior to version 2.46. A logic flaw in processing DWARF location list headers, together with malformed debug information in a crafted binary, can trigger a denial-of-service via an unbounded loop and endless output, enabling a local attacker to cau...