Lucene search
+L

37 matches found

CVE
CVE
added 2025/02/10 7:0 p.m.174 views

CVE-2025-1153

GNU Binutils 2.43/2.44 contains a memory-corruption vulnerability in bfd_set_format within format.c. The issue can be triggered remotely; attack complexity is high and no privileges are required. A fix is available in Binutils 2.45, with patch identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. ...

5.9CVSS3.6AI score0.01331EPSS
CVE
CVE
added 2025/04/04 1:31 a.m.149 views

CVE-2025-3198

CVE-2025-3198 affects GNU Binutils 2.43/2.44, specifically the display_info function in binutils/bucomm.c used by objdump. The issue is a memory leak caused by the manipulation within display_info. Exploitation is described as local, with the exploit disclosure publicly available. A patch is iden...

5.5CVSS7.1AI score0.00261EPSS
CVE
CVE
added 2025/01/29 8:0 p.m.146 views

CVE-2025-0840

CVE-2025-0840 affects GNU Binutils up to 2.43, targeting the function disassemble_bytes in binutils/objdump.c. The vulnerability arises from manipulating the argument buf, causing a stack-based buffer overflow. A remote attacker can exploit this, with attack complexity labeled as high and exploit...

7.5CVSS5.3AI score0.00726EPSS
CVE
CVE
added 2025/05/27 1:0 p.m.104 views

CVE-2025-5244

CVE-2025-5244 affects GNU Binutils up to 2.44. The vulnerability is in the ld component, specifically the function elf_gc_sweep in bfd/elflink.c , where input length handling leads to memory corruption. The exploit requires a local attack vector, and public disclosures indicate the exploit is ava...

7.8CVSS6.8AI score0.00235EPSS
CVE
CVE
added 2025/05/27 2:31 p.m.104 views

CVE-2025-5245

The CVE-2025-5245 entry pertains to GNU Binutils up to version 2.44, affecting the objdump component. The flaw is in the debug_type_samep function inside /binutils/debug.c, where improper data handling leads to memory corruption. This enables a local attacker to exploit the vulnerability, and pub...

7.8CVSS6.7AI score0.00235EPSS
CVE
CVE
added 2025/02/10 4:31 p.m.103 views

CVE-2025-1150

CVE-2025-1150 affects GNU Binutils, specifically the ld component’s libbfd.c function bfd_malloc, causing a memory leak. Public reports describe remote exploitation with high attack complexity and an initial leak in Binutils 2.43. Connected advisories confirm fixes were implemented in later binut...

3.1CVSS3.8AI score0.00595EPSS
CVE
CVE
added 2025/02/10 2:31 p.m.96 views

CVE-2025-1149

CVE-2025-1149 affects GNU Binutils 2.43, specifically the xstrdup path in libiberty/xmalloc.c used by ld, causing a memory leak. The issue can be exploited remotely and is described as high attack complexity with the exploit publicly disclosed. Reports indicate fixes have been committed to the ma...

3.1CVSS3.9AI score0.00565EPSS
CVE
CVE
added 2025/02/10 6:0 p.m.96 views

CVE-2025-1152

CVE-2025-1152 affects GNU Binutils 2.43, specifically the function xstrdup in xstrdup.c within the ld component, causing a memory leak. Publicly disclosed exploit details indicate the issue can be triggered remotely, with attack complexity described as high and exploitability as low to moderate d...

3.7CVSS3.9AI score0.00599EPSS
CVE
CVE
added 2025/02/10 5:0 p.m.93 views

CVE-2025-1151

CVE-2025-1151 concerns GNU Binutils 2.43, where the memory leak originates in ld’s xmemdup.c (function xmemdup). The vulnerability can be triggered remotely and is described as high attack complexity with a disclosed exploit. Several connected advisories document a patch path: openSUSE/SUSE advis...

3.1CVSS3.9AI score0.00595EPSS
CVE
CVE
added 2025/02/10 1:31 p.m.92 views

CVE-2025-1147

CVE-2025-1147 refers to a buffer overflow in GNU Binutils 2.43, specifically in nm.c:__sanitizer::internal_strlen. Connected advisories indicate the fix is in Binutils 2.45, with openSUSE/SUSE advisories recommending upgrading to 2.45 (and related patch content). The vulnerability is exploitable ...

5.3CVSS3.8AI score0.00658EPSS
CVE
CVE
added 2025/02/11 5:31 a.m.92 views

CVE-2025-1176

Affected software : GNU Binutils 2.43, specifically the ld component and the function _bfd_elf_gc_mark_rsec in elflink.c. Vulnerability : heap-based buffer overflow. Impact/conditions : may be exploited remotely; attack complexity is high; privileges required: none; user interaction required. Exp...

5.1CVSS5.2AI score0.00665EPSS
CVE
CVE
added 2025/02/11 7:0 a.m.92 views

CVE-2025-1179

GNU Binutils 2.43 contains a memory corruption vulnerability in the ld component, specifically in the bfd_putl64 function of bfd/libbfd.c. The issue can be triggered remotely and is characterized by high attack complexity and the possibility of exploitation being disclosed publicly. Upgrading to ...

7.5CVSS5.1AI score0.00555EPSS
CVE
CVE
added 2025/02/11 7:31 a.m.92 views

CVE-2025-1180

The CVE-2025-1180 issue affects GNU Binutils 2.43, specifically the _bfd_elf_write_section_eh_frame function in bfd/elf-eh-frame.c used by ld. It causes memory corruption and can be triggered remotely; attack complexity is high, and exploitation is possible after disclosure. The available sources...

3.1CVSS3.7AI score0.00679EPSS
CVE
CVE
added 2025/02/11 8:0 a.m.90 views

CVE-2025-1181

GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...

5.1CVSS5.1AI score0.00698EPSS
CVE
CVE
added 2025/02/11 8:31 a.m.86 views

CVE-2025-1182

CVE-2025-1182 affects GNU Binutils 2.43, specifically the ld component; the memory corruption is triggered by bfd_elf_reloc_symbol_deleted_p in bfd/elflink.c. The vulnerability is remote-exploitable with high attack complexity, and public exploitation is noted. A patch is available (patch id: b42...

5.1CVSS5.1AI score0.00576EPSS
CVE
CVE
added 2025/02/10 2:0 p.m.84 views

CVE-2025-1148

GNU Binutils 2.43 contains a memory-leak vulnerability in ld/ldelfgen.c: link_order_scan. The issue is exploitable remotely with high attack complexity; vendor notes fixes have been made on master and a 2.45 branch/updates are available (binutils 2.45), so upgrading to a newer Binutils release is...

3.1CVSS3.8AI score0.00628EPSS
CVE
CVE
added 2025/02/11 6:31 a.m.78 views

CVE-2025-1178

CVE-2025-1178 affects GNU Binutils 2.43, specifically the ld component’s libbfd.c function bfd_putl64, where memory corruption is triggered. The issue can be exploited remotely with high attack complexity, and the exploit has been disclosed publicly. A patch identifier 75086e9de1707281172cc77f178...

6.3CVSS5.5AI score0.00787EPSS
CVE
CVE
added 2025/10/16 3:32 p.m.75 views

CVE-2025-11840

GNU Binutils 2.45 contains a vulnerability in the vfinfo function of ldmisc.c that can cause an out‑of‑bounds read. The issue is exploitable locally, and the exploit has been publicly released. A patch is referenced as 16357 and applying it is the recommended remediation. The vulnerability is not...

5.5CVSS4.2AI score0.00256EPSS
CVE
CVE
added 2025/07/27 5:32 a.m.57 views

CVE-2025-8224

CVE-2025-8224 affects GNU Binutils 2.44, specifically the BFD Library’s function bfd_elf_get_str_section in bfd/elf.c. The issue can cause a null pointer dereference and requires local access to exploit. Public exploit information exists. A patch is available (patch id: db856d41004301b3a56438efd9...

5.5CVSS3.9AI score0.00225EPSS
CVE
CVE
added 2025/09/27 10:32 p.m.54 views

CVE-2025-11082

The CVE-2025-11082 entry concerns GNU Binutils 2.45. The vulnerable component is the linker function _bfd_elf_parse_eh_frame in bfd/elf-eh-frame.c, where manipulation can trigger a heap-based buffer overflow. Exploitation requires local execution, and an exploit has been published. The patch refe...

7.8CVSS5.5AI score0.00234EPSS
CVE
CVE
added 2025/10/08 7:32 p.m.53 views

CVE-2025-11494

The CVE-2025-11494 entry corresponds to GNU Binutils 2.45. The vulnerability affects the linker component, specifically the function _bfd_x86_elf_late_size_sections in bfd/elfxx-x86.c, causing an out-of-bounds read. Exploitation requires local access, and public exploitation details exist. A patc...

5.5CVSS4.1AI score0.00198EPSS
CVE
CVE
added 2025/09/27 10:2 p.m.52 views

CVE-2025-11081

CVE-2025-11081 pertains to GNU Binutils 2.45, specifically the dump_dwarf_section function in binutils/objdump.c. The issue allows a local attacker to trigger an out-of-bounds read, with exploit details publicly available. A patch is available (hash f87a66db645caf8cc0e6fc87b0c28c78a38af59b) and u...

5.5CVSS6AI score0.00189EPSS
CVE
CVE
added 2025/09/27 11:2 p.m.51 views

CVE-2025-11083

CVE-2025-11083 affects GNU Binutils 2.45, specifically the linker component. The vulnerability is a heap-based overflow in the elf_swap_shdr function (bfd/elfcode.h) that requires local access to exploit. The advisory notes a patch was prepared and indicates fixes were made in version 2.46. Publi...

7.8CVSS6.7AI score0.00235EPSS
CVE
CVE
added 2025/10/16 2:2 p.m.49 views

CVE-2025-11839

CVE-2025-11839 affects GNU Binutils 2.45, with the vulnerable code path in tg_tag_type inside prdbg.c. The issue results from an unchecked return value, enabling a local attacker to exploit it. Multiple connected sources corroborate a locally exploitable flaw and indicate that an exploit has been...

5.5CVSS4.2AI score0.00256EPSS
CVE
CVE
added 2025/07/13 10:2 p.m.48 views

CVE-2025-7546

CVE-2025-7546 affects GNU Binutils 2.45. The vulnerable component is the function bfd_elf_set_group_contents in the file bfd/elf.c , where input data length/size handling can trigger a heap/out-of-bounds write . Local attacker access is required. The exploit has been disclosed publicly. A patch i...

7.8CVSS5.2AI score0.00172EPSS
CVE
CVE
added 2025/07/13 9:44 p.m.46 views

CVE-2025-7545

GNU Binutils 2.45 contains a heap-based buffer overflow in the function copy_section (binutils/objcopy.c). The issue requires local access to exploit. Public disclosure of the exploit exists. A patch identified as 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 has been released and should be applied to...

7.8CVSS5.5AI score0.00254EPSS
CVE
CVE
added 2025/07/27 8:2 a.m.44 views

CVE-2025-8225

The CVE-2025-8225 issue affects GNU Binutils 2.44, specifically the function process_debug_info in binutils/dwarf.c of the DWARF Section Handler. The vulnerability results in a memory leak and requires local access to exploit. A patch is identified by the commit hash e51fdff7d2e538c0e5accdd65649a...

4.8CVSS4AI score0.00223EPSS
CVE
CVE
added 2025/12/29 12:0 a.m.42 views

CVE-2025-66862

CVE-2025-66862 affects GNU Binutils 2.26, with a buffer overflow in gnu_special (cplus-dem.c) that can cause a denial-of-service via a crafted PE file. The issue can trigger a heap-based buffer over-read and terminate affected processes. CVSS v3.1 base score 7.5 (HIGH). Connected advisories ident...

7.5CVSS6.7AI score0.00318EPSS
CVE
CVE
added 2025/10/07 10:2 p.m.38 views

CVE-2025-11412

CVE-2025-11412 affects GNU Binutils 2.45, specifically the function bfd_elf_gc_record_vtentry in bfd/elflink.c of the linker. The issue enables an out-of-bounds read and requires local access. The exploit has been disclosed publicly. A patch identifier is listed: 047435dd988a3975d40c6626a8f739a0b...

5.5CVSS6.4AI score0.00189EPSS
CVE
CVE
added 2025/12/29 12:0 a.m.38 views

CVE-2025-66863

CVE-2025-66863 describes a denial-of-service vulnerability in GNU BinUtils 2.26 caused by the d_discriminator function in cp-demangle.c when processing specially crafted Portable Executable (PE) files. The issue is triggered by crafted inputs and could render the affected application unavailable....

7.5CVSS6.3AI score0.00323EPSS
CVE
CVE
added 2025/12/29 12:0 a.m.35 views

CVE-2025-66866

CVE-2025-66866 affects BinUtils 2.26. The issue is in the function d_abi_tags in cp-demangle.c and could allow a denial of service via a crafted PE file. NVD lists CVSSv3.1 scores (base 7.5 HIGH; AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Remediation guidance appears in Red Hat Advisory: avoid process...

7.5CVSS6.3AI score0.00279EPSS
CVE
CVE
added 2025/10/07 10:2 p.m.30 views

CVE-2025-11413

CVE-2025-11413 : In GNU Binutils 2.45, the vulnerability affects the linker component, specifically the function elf_link_add_object_symbols in bfd/elflink.c, which may cause an out-of-bounds read. The issue requires local access to exploit, and an exploit has been made public. A fix is available...

5.5CVSS6.2AI score0.00203EPSS
CVE
CVE
added 2025/10/07 10:32 p.m.30 views

CVE-2025-11414

GNU Binutils 2.45 contains a local vulnerability in the linker’s bfd/elflink.c get_link_hash_entry function that allows an out-of-bounds read. The issue, disclosed publicly, is mitigated by upgrading to Binutils 2.46. A patch was identified (aeaaa9af6359c8e394ce9cf24911fec4f4d23703). Affected pro...

5.5CVSS4.4AI score0.00189EPSS
CVE
CVE
added 2025/12/29 12:0 a.m.30 views

CVE-2025-66864

CVE-2025-66864 affects Binutils 2.26, where the d_print_comp_inner function in cp-demangle.c misbehaves when processing crafted PE files, causing denial of service through a crash. The connected sources confirm the vulnerable component and the crash impact but do not provide concrete exploit deta...

7.5CVSS6.3AI score0.00204EPSS
CVE
CVE
added 2025/10/08 8:2 p.m.27 views

CVE-2025-11495

CVE-2025-11495 affects GNU Binutils 2.45. The vulnerable element is the linker’s elf_x86_64_relocate_section function in elf64-x86-64.c, where manipulation can cause a heap-based buffer overflow. Impact is local, with publicly disclosed exploit. A patch is available (patch name: 6b21c8b2ecfef5c95...

5.5CVSS4.7AI score0.0022EPSS
CVE
CVE
added 2025/12/29 12:0 a.m.26 views

CVE-2025-66865

CVE-2025-66865 affects GNU Binutils 2.26. A flaw in function d_print_comp_inner in cp-demangle.c can be triggered by processing specially crafted PE files, causing a crash and denial of service. Red Hat’s advisory notes mitigation as not available or not meeting criteria for their base products; ...

7.5CVSS6.3AI score0.00323EPSS
CVE
CVE
added 2025/12/29 12:0 a.m.22 views

CVE-2025-66861

CVE-2025-66861 affects GNU BinUtils 2.26. The issue is in the function d_unqualified_name in cp-demangle.c; processing a specially crafted PE file can cause a crash leading to a denial of service . Red Hat notes that mitigation is not available or does not meet criteria. Other sources corroborate...

2.5CVSS6.3AI score0.00123EPSS