CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1149 – GNU Binutils ld xmalloc.c xstrdup memory leak
https://notcve.org/view.php?id=CVE-2025-1149
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1148 – GNU Binutils ld ldelfgen.c link_order_scan memory leak
https://notcve.org/view.php?id=CVE-2025-1148
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1147 – GNU Binutils nm nm.c internal_strlen buffer overflow
https://notcve.org/view.php?id=CVE-2025-1147
10 Feb 2025 — A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 44EXPL: 1CVE-2025-0840 – GNU Binutils objdump.c disassemble_bytes stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0840
29 Jan 2025 — A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25585 – Field `file_table` of `struct module *module` is uninitialized
https://notcve.org/view.php?id=CVE-2023-25585
14 Sep 2023 — A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Se encontró una falla en Binutils. El uso de un campo no inicializado en el módulo de estructura *module puede provocar el bloqueo de la aplicación y la denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25585 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25586 – Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
https://notcve.org/view.php?id=CVE-2023-25586
14 Sep 2023 — A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. Se encontró una falla en Binutils. Un error lógico en la función bfd_init_section_decompress_status puede provocar el uso de una variable no inicializada que puede provocar un bloqueo y una denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25586 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46174 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2021-46174
22 Aug 2023 — Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. Desbordamiento de búfer basado en el montículo en la función bfd_getl32 de Binutils objdump 3.37. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. • https://sourceware.org/bugzilla/show_bug.cgi?id=28753 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35205 – Ubuntu Security Notice USN-6544-1
https://notcve.org/view.php?id=CVE-2022-35205
22 Aug 2023 — An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Se ha descubierto un problema en readelf de Binutils 2.38.50, el fallo de aserción alcanzable en la función display_debug_names permite a los atacantes provocar una denegación de servicio. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consump... • https://security.netapp.com/advisory/ntap-20231006-0010 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35206
https://notcve.org/view.php?id=CVE-2022-35206
22 Aug 2023 — Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. Vulnerabilidad de eliminación de referencia del puntero NULL en readelf de Binutils 2.38.50 a través de la función read_and_display_attr_value en el archivo dwarf.c. • https://sourceware.org/bugzilla/show_bug.cgi?id=29290 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44840 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2022-44840
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could ... • https://sourceware.org/bugzilla/show_bug.cgi?id=29732 • CWE-787: Out-of-bounds Write •