Binutils@2.31.1 Security Vulnerabilities and Issues — Binutils@2.31.1 CVE List

Lucene search

GnuBinutils2.31.1

8 matches found

CVE•added 2019/01/01 4:29 p.m.•187 views

CVE-2018-20651

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to ca...

5.5CVSS6AI score0.00805EPSS

CVE•added 2018/12/31 7:29 p.m.•158 views

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

5.5CVSS5.9AI score0.00497EPSS

CVE•added 2018/09/23 6:29 p.m.•154 views

CVE-2018-17360

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the execut...

5.5CVSS5.8AI score0.00236EPSS

CVE•added 2018/09/23 6:29 p.m.•150 views

CVE-2018-17358

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a...

5.5CVSS5.7AI score0.00211EPSS

CVE•added 2018/09/23 6:29 p.m.•145 views

CVE-2018-17359

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

5.5CVSS5.7AI score0.00113EPSS

CVE•added 2019/01/04 6:29 p.m.•120 views

CVE-2018-20673

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

5.5CVSS5.7AI score0.00091EPSS

CVE•added 2019/01/02 2:29 p.m.•92 views

CVE-2018-20657

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

7.5CVSS7AI score0.01455EPSS

CVE•added 2019/01/15 12:29 a.m.•83 views

CVE-2018-20712

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

6.5CVSS6.3AI score0.0107EPSS