CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47007 – Ubuntu Security Notice USN-6413-1
https://notcve.org/view.php?id=CVE-2022-47007
22 Aug 2023 — An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing boun... • https://sourceware.org/bugzilla/show_bug.cgi?id=29254 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48065 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-48065
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45703
https://notcve.org/view.php?id=CVE-2022-45703
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. • https://security.netapp.com/advisory/ntap-20231006-0003 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48064
https://notcve.org/view.php?id=CVE-2022-48064
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47695 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-47695
22 Aug 2023 — An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks wh... • https://sourceware.org/bugzilla/show_bug.cgi?id=29846 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47696
https://notcve.org/view.php?id=CVE-2022-47696
22 Aug 2023 — An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. • https://sourceware.org/bugzilla/show_bug.cgi?id=29677 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25584 – Out of bounds read in parse_module function in bfd/vms-alpha.c
https://notcve.org/view.php?id=CVE-2023-25584
24 May 2023 — An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Se encontró una falla de lectura fuera de límites en la función parse_module en bfd/vms-alpha.c en Binutils. It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. • https://access.redhat.com/security/cve/CVE-2023-25584 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38533 – Ubuntu Security Notice USN-5762-1
https://notcve.org/view.php?id=CVE-2022-38533
25 Aug 2022 — In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. En GNU Binutils versiones anteriores a 2.4.0, se presenta un desbordamiento del búfer de la pila en la función de error bfd_getl32 cuando es llamada desde la función strip_main en strip-new por medio de un archivo diseñado. It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to... • https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-45078 – Ubuntu Security Notice USN-6160-1
https://notcve.org/view.php?id=CVE-2021-45078
15 Dec 2021 — stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. La función stab_xcoff_builtin_type en el archivo stabs.c en GNU Binutils versiones hasta 2.37, permite a atacantes causar una denegación de servicio (desbordamiento de búfer basado en la pila) o posiblemente tener o... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6 • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20197 – binutils: Race window allows users to own arbitrary files
https://notcve.org/view.php?id=CVE-2021-20197
26 Mar 2021 — There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Se presenta una ventana de carrera abierta cuando se escribe la salida en las siguientes utilidades en GNU binutils versiones 2.35 y a... • https://bugzilla.redhat.com/show_bug.cgi?id=1913743 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •