Binutils Security Vulnerabilities and Issues — Binutils CVE List

Lucene search

GnuBinutils

11 matches found

CVE•added 2023/05/17 10:15 p.m.•475 views

CVE-2023-1972

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

6.5CVSS6.7AI score0.00045EPSS

CVE•added 2019/10/10 5:15 p.m.•294 views

CVE-2019-17450

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

6.5CVSS6.3AI score0.00906EPSS

CVE•added 2021/03/26 5:15 p.m.•176 views

CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can tric...

6.3CVSS6.3AI score0.00184EPSS

CVE•added 2019/10/10 5:15 p.m.•172 views

CVE-2019-17451

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

6.5CVSS6.7AI score0.00622EPSS

CVE•added 2018/04/25 9:29 a.m.•161 views

CVE-2018-10373

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

6.5CVSS6.3AI score0.01071EPSS

CVE•added 2023/07/18 2:15 p.m.•129 views

CVE-2021-32256

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

6.5CVSS6.6AI score0.00115EPSS

CVE•added 2021/01/04 3:15 p.m.•101 views

CVE-2020-35494

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils ve...

6.1CVSS6AI score0.00355EPSS

CVE•added 2019/01/15 12:29 a.m.•83 views

CVE-2018-20712

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

6.5CVSS6.3AI score0.0107EPSS

CVE•added 2018/09/30 8:29 p.m.•81 views

CVE-2018-17794

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

6.5CVSS6.6AI score0.00477EPSS

CVE•added 2017/08/19 4:29 p.m.•78 views

CVE-2017-12967

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

6.5CVSS5.9AI score0.01003EPSS

CVE•added 2025/02/11 7:15 a.m.•56 views

CVE-2025-1178

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is r...

6.3CVSS5.5AI score0.0016EPSS