Binutils@* Security Vulnerabilities and Issues — Binutils@* CVE List

Lucene search

GnuBinutils*

9 matches found

CVE•added 2021/03/26 5:15 p.m.•185 views

CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can tric...

6.3CVSS6.3AI score0.00138EPSS

CVE•added 2021/12/15 8:15 p.m.•168 views

CVE-2021-45078

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

7.8CVSS8.1AI score0.00531EPSS

CVE•added 2021/01/04 3:15 p.m.•166 views

CVE-2020-35507

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

5.5CVSS5.7AI score0.00082EPSS

CVE•added 2021/04/29 4:15 p.m.•136 views

CVE-2021-20294

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrit...

7.8CVSS7.4AI score0.19156EPSS

CVE•added 2021/01/04 3:15 p.m.•132 views

CVE-2020-35493

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

5.5CVSS5.8AI score0.00469EPSS

CVE•added 2021/01/04 3:15 p.m.•128 views

CVE-2020-35496

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils vers...

5.5CVSS5.5AI score0.00082EPSS

CVE•added 2021/01/04 3:15 p.m.•103 views

CVE-2020-35494

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils ve...

6.1CVSS6AI score0.00355EPSS

CVE•added 2021/01/04 3:15 p.m.•99 views

CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

5.5CVSS5.5AI score0.00355EPSS

CVE•added 2021/11/18 10:15 p.m.•89 views

CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

7.8CVSS7.6AI score0.00241EPSS