Lucene search
K

41 matches found

CVE
CVE
added 2018/03/22 9:0 p.m.273 views

CVE-2018-8945

CVE-2018-8945 affects the Binary File Descriptor library (libbfd) within GNU Binutils 2.30. The bfd_section_from_shdr function can be triggered by a crafted attribute section in an ELF file, causing a remote denial of service (segmentation fault). Public advisories and CVE lists (CentOS/CESA, Gen...

5.5CVSS5.9AI score0.02057EPSS
CVE
CVE
added 2018/02/18 4:0 a.m.270 views

CVE-2018-7208

CVE-2018-7208 : In GNU Binutils libbfd (Binary File Descriptor) 2.30, coff_pointerize_aux() in coffgen.c does not validate an index, enabling a crafted COFF file to cause a denial of service (segmentation fault) or potentially other impact. Exploitation is demonstrated via COFF object handling (o...

7.8CVSS6.7AI score0.02256EPSS
CVE
CVE
added 2018/03/02 3:0 p.m.264 views

CVE-2018-7643

CVE-2018-7643 affects GNU Binutils 2.30. The vulnerability is caused by an integer overflow in display_debug_ranges in dwarf.c, enabling a remote attacker to cause a denial of service (crash) via a crafted ELF file (as shown by objdump). Related advisories in connected docs confirm impact in Binu...

7.8CVSS7.9AI score0.02367EPSS
CVE
CVE
added 2018/02/28 9:0 p.m.256 views

CVE-2018-7568

CVE-2018-7568 affects the GNU Binutils libbfd component; specifically, an integer wraparound/overflow in the parse_die path (dwarf1.c) when processing ELF files with corrupted DWARF debug info, potentially allowing a remote attacker to crash the application (denial of service). Several connected ...

5.5CVSS6.1AI score0.01961EPSS
CVE
CVE
added 2018/12/20 5:0 p.m.248 views

CVE-2018-1000876

The CVE-2018-1000876 vulnerability affects GNU binutils up to version 2.32 and earlier, with the flaw in the object dump and relocation code (objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) that can trigger an integer overflow leading to a heap overflow. This could all...

7.8CVSS7.9AI score0.00656EPSS
CVE
CVE
added 2018/03/02 3:0 p.m.248 views

CVE-2018-7642

Summary: CVE-2018-7642 affects the GNU Binutils Binary File Descriptor library (libbfd) in the aoutx.h path, with a vulnerability in swap_std_reloc_in that can trigger a NULL pointer dereference when processing crafted ELF files, causing a denial of service. The vulnerability is evidenced in mult...

5.5CVSS5.8AI score0.01918EPSS
CVE
CVE
added 2018/02/28 9:0 p.m.246 views

CVE-2018-7569

CVE-2018-7569 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30 and earlier. The flaw resides in dwarf2.c where a crafted ELF file containing a corrupted DWARF FORM block can trigger an integer underflow/overflow, leading to a denial of service (application crash). Th...

5.5CVSS6AI score0.02085EPSS
CVE
CVE
added 2018/12/07 7:0 a.m.234 views

CVE-2018-19931

CVE-2018-19931 affects the GNU Binutils Binary File Descriptor library (libbfd) as shipped in Binutils

7.8CVSS7.7AI score0.01606EPSS
CVE
CVE
added 2018/02/02 9:0 a.m.207 views

CVE-2018-6543

CVE-2018-6543 affects GNU Binutils 2.30. The issue is an integer overflow in load_specific_debug_section() in objdump.c, which can cause malloc() with a size of 0 for crafted ELF files. This can lead to a denial of service (application crash) and possibly other unmanaged effects when a victim ope...

7.8CVSS6.8AI score0.02329EPSS
CVE
CVE
added 2018/12/31 7:0 p.m.197 views

CVE-2018-20623

CVE-2018-20623 affects GNU Binutils 2.31.1. A use-after-free in elfcomm.c: error() when called from readelf.c:process_archive via a crafted ELF can cause a crash. This is echoed in the Astra Linux bulletin. No exploitation details or patch/version fixes are provided in the supplied documents; rem...

5.5CVSS5.9AI score0.01817EPSS
CVE
CVE
added 2018/02/06 8:0 p.m.194 views

CVE-2018-6759

CVE-2018-6759 affects GNU Binutils libbfd (BFD) in Binutils 2.30. The bfd_get_debug_link_info_1 function in opncls.c uses an unchecked strnlen, enabling remote-crafted ELF files to trigger a denial of service (segmentation fault). Remediation per vendor advisories is to upgrade Binutils to a newe...

5.5CVSS5.7AI score0.02131EPSS
CVE
CVE
added 2018/02/28 9:0 p.m.192 views

CVE-2018-7570

CVE-2018-7570 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.30, where assign_file_positions_for_non_load_sections in elf.c can cause a NULL pointer dereference/DoS when processing an ELF with a RELRO segment lacking a matching LOAD. Exploitation details are not provided in the document...

5.5CVSS5.9AI score0.01508EPSS
CVE
CVE
added 2018/04/29 3:0 p.m.190 views

CVE-2018-10535

CVE-2018-10535 affects GNU Binutils’ libbfd (ignore_section_sym in elf.c) where a symtab entry with a SECTION type and value 0 can lead to a NULL pointer dereference and crash via a crafted file (e.g., objcopy). The issue is reported for Binutils 2.30 with a vulnerable path in ignore_section_sym ...

5.5CVSS5.8AI score0.02236EPSS
CVE
CVE
added 2018/12/07 7:0 a.m.190 views

CVE-2018-19932

CVE-2018-19932 affects GNU Binutils libbfd. The issue is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Public docs describe it as a vulnerability in binutils through 2.31 with potential stability/denial effects; remediation quoted in connected sources is ...

5.5CVSS6.3AI score0.01977EPSS
CVE
CVE
added 2018/01/26 8:0 a.m.189 views

CVE-2018-6323

CVE-2018-6323 : In GNU Binutils’ libbfd, the elf_object_p function in elfcode.h contains an unsigned integer overflow due to missing use of bfd_size_type in multiplication. A crafted ELF file can remotely crash the application (DoS) or have unspecified other impact. This CVE is referenced in IBM ...

7.8CVSS6.8AI score0.05834EPSS
CVE
CVE
added 2018/04/25 9:0 a.m.188 views

CVE-2018-10372

GNU Binutils 2.30 contains a heap-based buffer over-read in process_cu_tu_index (dwarf.c) that can be triggered by processing a crafted binary file (e.g., via readelf), leading to denial of service. The issue affects Binutils 2.30 as distributed in affected builds and has been addressed in later ...

5.5CVSS5.9AI score0.02412EPSS
CVE
CVE
added 2018/02/09 6:0 a.m.186 views

CVE-2018-6872

CVE-2018-6872 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30. The vulnerability is in the function elf_parse_notes (elf.c) and allows a remote attacker to cause a denial of service via an out-of-bounds read leading to segmentation fault when processing a note with ...

5.5CVSS5.8AI score0.02209EPSS
CVE
CVE
added 2018/07/01 4:0 p.m.185 views

CVE-2018-13033

CVE-2018-13033 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30, enabling an attacker to cause a denial of service (excessive memory allocation and crash) via a crafted ELF file during nm execution. Connected advisories confirm a fix path through updates to binutils ...

5.5CVSS5.8AI score0.03095EPSS
CVE
CVE
added 2018/04/25 9:0 a.m.183 views

CVE-2018-10373

CVE-2018-10373 is a vulnerability in the GNU Binutils Binary File Descriptor library (libbfd), specifically in the function concat_filename() in dwarf2.c. The issue (present in Binutils 2.30) allows remote attackers to trigger a denial of service via a crafted binary file, caused by a NULL pointe...

6.5CVSS6.3AI score0.03467EPSS
CVE
CVE
added 2018/04/29 3:0 p.m.180 views

CVE-2018-10534

CVE-2018-10534 is a vulnerability in GNU Binutils’ Binary File Descriptor library (libbfd). The issue arises in the function sequence involving the _bfd_XX_bfd_copy_private_bfd_data_common routine (peXXigen.c) when processing a negative Data Directory size, which enters an unbounded loop and expa...

5.5CVSS6.1AI score0.01886EPSS
CVE
CVE
added 2018/09/23 6:0 p.m.174 views

CVE-2018-17359

CVE-2018-17359 affects the GNU Binutils Binary File Descriptor (BFD) library (libbfd). The issue is an invalid memory access in bfd_zalloc within opncls.c that can be triggered by a crafted ELF file, leading to a denial of service (application crash). Affected component: GNU Binutils (libbfd) as ...

5.5CVSS5.7AI score0.01284EPSS
CVE
CVE
added 2018/09/23 6:0 p.m.173 views

CVE-2018-17358

CVE-2018-17358 : A vulnerability in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.31 allows an invalid memory access in _bfd_stab_section_find_nearest_line (syms.c). This can be triggered by processing a crafted ELF file and may cause an application crash (DoS...

5.5CVSS5.7AI score0.01326EPSS
CVE
CVE
added 2018/10/15 2:0 a.m.173 views

CVE-2018-18309

CVE-2018-18309 affects the GNU Binutils Binary File Descriptor library (libbfd) as distributed with Binutils 2.31. The issue is an invalid memory address dereference in read_reloc (reloc.c) that can cause a segmentation fault and application crash, leading to denial of service due to missing boun...

5.5CVSS6AI score0.0182EPSS
CVE
CVE
added 2018/10/23 5:0 p.m.173 views

CVE-2018-18605

CVE-2018-18605 affects GNU Binutils libbfd (BFD) where a heap-based buffer over-read occurs in sec_merge_hash_lookup during section merges when entsize does not divide the size. This can allow remote DoS via specially crafted ELF (as demonstrated by ld). Affected products reference Binutils 2.31;...

5.5CVSS6.1AI score0.0232EPSS
CVE
CVE
added 2018/09/23 6:0 p.m.171 views

CVE-2018-17360

The CVE-2018-17360 issue is a vulnerability in the GNU Binutils Binary File Descriptor (BFD) library (libbfd). Concrete details in connected documents show a heap-based buffer over-read in bfd_getl32() within libbfd.c, exploitable via a crafted PE file and triggerable by objdump. The Astra Linux ...

5.5CVSS5.8AI score0.01341EPSS
CVE
CVE
added 2018/10/18 8:0 p.m.170 views

CVE-2018-18484

CVE-2018-18484 is a GNU Binutils stack exhaustion/denial-of-service in cp-demangle.c (C++ demangling) due to recursive stack usage. Public advisories (IBM Netezza Platform Software, IBM Netezza Analytics, Astra Linux bulletin) confirm the same root cause and list affected products and versions. I...

5.5CVSS6AI score0.01884EPSS
CVE
CVE
added 2018/06/23 10:0 p.m.169 views

CVE-2018-12699

CVE-2018-12699 (finish_stab in stabs.c, GNU Binutils) allows heap-based buffer overflow during objdump execution, leading to denial of service and possibly other impact. Connected records extend the issue to stab_xcoff_builtin_type in stabs.c (Binutils through 2.37), noted as related and arising ...

9.8CVSS8.4AI score0.04505EPSS
CVE
CVE
added 2018/10/23 5:0 p.m.169 views

CVE-2018-18607

CVE-2018-18607 is a NULL pointer dereference in elf_link_input_bfd (elfin GNU Binutils libbfd) when locating STT_TLS symbols without a TLS section. A crafted ELF can cause denial of service (DoS); impact is consistent with DoS in affected Binutils 2.31, including remote triggering via ld in demon...

5.5CVSS6AI score0.0232EPSS
CVE
CVE
added 2018/10/04 11:0 p.m.168 views

CVE-2018-17985

CVE-2018-17985 is a stack consumption vulnerability in GNU Binutils (libiberty), observed in cp-demangle.c with cplus_demangle_type performing recursive calls when many 'P' characters occur. The Astra Linux advisory mirrors this description, noting the issue in Binutils 2.31. The provided documen...

5.5CVSS6AI score0.01291EPSS
CVE
CVE
added 2018/10/18 8:0 p.m.167 views

CVE-2018-18483

CVE-2018-18483 affects GNU Binutils (libiberty) get_count in cplus-dem.c, distributed with Binutils 2.31. The flaw allows a remote attacker to trigger a denial of service via a crafted string, due to an integer-overflow result used in a malloc call (as demonstrated by c++filt). Connected sources ...

7.8CVSS6.6AI score0.02458EPSS
CVE
CVE
added 2018/10/23 5:0 p.m.160 views

CVE-2018-18606

CVE-2018-18606 affects GNU Binutils (libbfd). The issue is a NULL pointer dereference in _bfd_add_merge_section during merging of sections with large alignments, enabling DoS via crafted ELF. Multiple vendors document this under Binutils remediation; confirmed fixes involve upgrading Binutils to ...

5.5CVSS6AI score0.0232EPSS
CVE
CVE
added 2018/06/23 10:0 p.m.152 views

CVE-2018-12697

CVE-2018-12697 is a NULL pointer dereference in GNU libiberty (work_stuff_copy_to_from in cplus-dem.c) as distributed with GNU Binutils 2.30, potentially triggered during objdump. The Connected documents confirm the vulnerability in Binutils’ libiberty, but do not provide a concrete fixed version...

7.5CVSS7.4AI score0.05229EPSS
CVE
CVE
added 2018/12/10 2:0 a.m.144 views

CVE-2018-20002

CVE-2018-20002 affects GNU Binutils’ BFD library (libbfd); the _bfd_generic_read_minisymbols function leaks memory when processing crafted ELF files, causing DoS via memory consumption. Documented in multiple sources (Binutils 2.31, nm demonstration). Impact is a denial of service with potential ...

5.5CVSS5.7AI score0.01819EPSS
CVE
CVE
added 2018/06/22 12:0 p.m.134 views

CVE-2018-12641

CVE-2018-12641 affects GNU Binutils 2.30, causing stack exhaustion in the libiberty C++ demangling code (arm_pt in cplus-dem.c) during nm-new due to recursive stack frames (demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, demangle_nested_args). Th...

5.5CVSS6.1AI score0.02077EPSS
CVE
CVE
added 2018/10/27 4:0 p.m.110 views

CVE-2018-18700

CVE-2018-18700 affects GNU Binutils 2.31 with a stack consumption vulnerability caused by infinite recursion in cp-demangle.c (functions d_name(), d_encoding(), d_local_name()). The issue enables a remote attacker to trigger a denial-of-service via an ELF file, as demonstrated by nm. Connected As...

5.5CVSS6AI score0.01686EPSS
CVE
CVE
added 2018/06/23 10:0 p.m.107 views

CVE-2018-12698

CVE-2018-12698 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c (Binutils 2.30). It allows attackers to trigger excessive memory consumption (OOM) during objdump execution due to a memory-management issue in demangle_template. Multiple connected advisori...

7.5CVSS7.3AI score0.0669EPSS
CVE
CVE
added 2018/06/28 2:0 p.m.104 views

CVE-2018-12934

CVE-2018-12934 affects GNU Binutils 2.30, specifically remember_Ktype in cplus-dem.c used by libiberty. The vulnerability can trigger excessive memory consumption (OOM) during execution of cxxfilt, as described in the connected Nessus/NASL entries. The affected component is GNU Binutils’ cplus-de...

7.5CVSS6.1AI score0.03252EPSS
CVE
CVE
added 2018/09/30 8:0 p.m.98 views

CVE-2018-17794

CVE-2018-17794 affects GNU Binutils/libiberty (cplus-dem.c) where a NULL pointer dereference in work_stuff_copy_to_from can be triggered when called from iterate_demangle_function. The issue is tied to Binutils 2.31; the provided documents describe the vulnerability and target the demangling work...

6.5CVSS6.6AI score0.01803EPSS
CVE
CVE
added 2018/04/10 10:0 p.m.96 views

CVE-2018-9996

CVE-2018-9996 concerns GNU Binutils libiberty (cplus-dem.c). The issue is a stack-exhaustion/recursion vulnerability in the C++ demangling functions, caused by deep recursive frames in demangle_template_value_parm, demangle_integral_value, and demangle_expression. Effects described in the connect...

5.5CVSS5.6AI score0.01333EPSS
CVE
CVE
added 2018/03/30 8:0 a.m.95 views

CVE-2018-9138

CVE-2018-9138 affects GNU Binutils’ libiberty code, specifically cplus-dem.c, with stack exhaustion caused by recursive C++ demangling frames (demangle_nested_args, demangle_args, do_arg, do_type) in GNU Binutils 2.29 and 2.30. Connected documents reference this issue and indicate a fix has been ...

5.5CVSS6.1AI score0.01073EPSS
CVE
CVE
added 2018/10/27 4:0 p.m.92 views

CVE-2018-18701

CVE-2018-18701 describes a stack-consumption vulnerability in GNU Binutils’ libiberty (cp-demangle.c) caused by infinite recursion in next_is_type_qual() and cplus_demangle_type(). The issue affects Binutils 2.31 and can enable a remote attacker to induce denial of service via an ELF file (demons...

5.5CVSS6AI score0.01686EPSS