
CVSS: 7.5 | EPSS: 1% | CPEs: 8 | EXPL: 3

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html
http://secunia.com/advisorie

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow

CVSS: 3.6 | EPSS: 0% | CPEs: 8 | EXPL: 2

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy, or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html
http://lists.fedoraproject.or

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 3

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

References:
https://www.exploit-db.com/exploits/27856
http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
http://secunia.com/advisories/20188
http://secunia.com/advisories/20531
http://secunia.com/advisories/20550
http://secunia.com/advisories/22932
http://secunia.com/advisories/27441
http://sourceware.org/bugzilla/show_bug.cgi?id=2584
http://www.mail-archive.com/bug-binutils%40gnu.org/msg01516.html
http://www.novell.com/linux/security/advisories/2006_26_sr.html
htt

CWE-787: Out-of-bounds Write

CVSS: 7.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.

References:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069
http://www.ubuntu.com/usn/usn-366-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/44661

CVSS: 7.5 | EPSS: 1% | CPEs: 3 | EXPL: 2

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

References:
https://www.exploit-db.com/exploits/28397
http://bugs.gentoo.org/show_bug.cgi?id=99464
http://secunia.com/advisories/21508
http://secunia.com/advisories/21530
http://www.osvdb.org/27960
http://www.securityfocus.com/bid/19555
http://www.ubuntu.com/usn/usn-336-1
http://www.vupen.com/english/advisories/2006/3307

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer