Page 10 of 49 results (0.012 seconds)

CVSS: 5.0EPSS: 3%CPEs: 8EXPL: 0

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. La función srec_scan en bfd/srec.c en libdbfd en GNU binutils anterior a 2.25 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un S-record pequeño. An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://openwall.com/lists/oss-security/2014/10/23/5 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://www.openwall.com/lists/oss-security/2014/10/26/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-839: Numeric Range Comparison Without Minimum Check •

CVSS: 3.6EPSS: 0%CPEs: 8EXPL: 2

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. Múltiples vulnerabilidades de salto de directorio en GNU binutils 2.24 y anteriores permiten a usuarios locales eliminar ficheros arbitrarios a través de un .. (punto punto) o nombre completo de ruta en un archivo en (1) strip o (2) objcopy o crear ficheros arbitrarios a través de (3) un .. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://lists.fedoraproject.or • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 3

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. Desbordamiento de buffer basado en pila en la función srec_scan en bfd/srec.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente tener orto impacto no especificado a través de un fichero manipulado. A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 0

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. Varias vulnerabilidades de desbordamiento de enteros en la función _objalloc_alloc (1) en objalloc.c y (2) macro objalloc_alloc en include/objalloc.h en GNU libiberty, utilizada por binutils v2.22, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionada con la "adición de CHUNK_HEADER_SIZE a la longitud", lo que provoca un desbordamiento de búfer basado en heap • http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411 http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html http://security-tracker.debian.org/tracker/CVE-2012-3509 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://www.openwall.com/lists/oss-security/2012/08/29/3 http://www.securityfocus.com/bid/55281 http://www.ubuntu.com/usn/USN-2496-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/78135 • CWE-189: Numeric Errors •