CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1152 – GNU Binutils ld xstrdup.c xstrdup memory leak
https://notcve.org/view.php?id=CVE-2025-1152
10 Feb 2025 — A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1151 – GNU Binutils ld xmemdup.c xmemdup memory leak
https://notcve.org/view.php?id=CVE-2025-1151
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1150 – GNU Binutils ld libbfd.c bfd_malloc memory leak
https://notcve.org/view.php?id=CVE-2025-1150
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1149 – GNU Binutils ld xmalloc.c xstrdup memory leak
https://notcve.org/view.php?id=CVE-2025-1149
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1148 – GNU Binutils ld ldelfgen.c link_order_scan memory leak
https://notcve.org/view.php?id=CVE-2025-1148
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1147 – GNU Binutils nm nm.c internal_strlen buffer overflow
https://notcve.org/view.php?id=CVE-2025-1147
10 Feb 2025 — A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 44EXPL: 1CVE-2025-0840 – GNU Binutils objdump.c disassemble_bytes stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0840
29 Jan 2025 — A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25585 – Field `file_table` of `struct module *module` is uninitialized
https://notcve.org/view.php?id=CVE-2023-25585
14 Sep 2023 — A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Se encontró una falla en Binutils. El uso de un campo no inicializado en el módulo de estructura *module puede provocar el bloqueo de la aplicación y la denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25585 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25586 – Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
https://notcve.org/view.php?id=CVE-2023-25586
14 Sep 2023 — A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. Se encontró una falla en Binutils. Un error lógico en la función bfd_init_section_decompress_status puede provocar el uso de una variable no inicializada que puede provocar un bloqueo y una denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25586 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35205 – Ubuntu Security Notice USN-6544-1
https://notcve.org/view.php?id=CVE-2022-35205
22 Aug 2023 — An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Se ha descubierto un problema en readelf de Binutils 2.38.50, el fallo de aserción alcanzable en la función display_debug_names permite a los atacantes provocar una denegación de servicio. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consump... • https://security.netapp.com/advisory/ntap-20231006-0010 • CWE-617: Reachable Assertion •