CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1149 – GNU Binutils ld xmalloc.c xstrdup memory leak
https://notcve.org/view.php?id=CVE-2025-1149
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1148 – GNU Binutils ld ldelfgen.c link_order_scan memory leak
https://notcve.org/view.php?id=CVE-2025-1148
10 Feb 2025 — A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15887 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1147 – GNU Binutils nm nm.c internal_strlen buffer overflow
https://notcve.org/view.php?id=CVE-2025-1147
10 Feb 2025 — A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 44EXPL: 1CVE-2025-0840 – GNU Binutils objdump.c disassemble_bytes stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0840
29 Jan 2025 — A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25585 – Field `file_table` of `struct module *module` is uninitialized
https://notcve.org/view.php?id=CVE-2023-25585
14 Sep 2023 — A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Se encontró una falla en Binutils. El uso de un campo no inicializado en el módulo de estructura *module puede provocar el bloqueo de la aplicación y la denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25585 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25586 – Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
https://notcve.org/view.php?id=CVE-2023-25586
14 Sep 2023 — A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. Se encontró una falla en Binutils. Un error lógico en la función bfd_init_section_decompress_status puede provocar el uso de una variable no inicializada que puede provocar un bloqueo y una denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25586 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46174 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2021-46174
22 Aug 2023 — Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. Desbordamiento de búfer basado en el montículo en la función bfd_getl32 de Binutils objdump 3.37. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. • https://sourceware.org/bugzilla/show_bug.cgi?id=28753 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44840 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2022-44840
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could ... • https://sourceware.org/bugzilla/show_bug.cgi?id=29732 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45703
https://notcve.org/view.php?id=CVE-2022-45703
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. • https://security.netapp.com/advisory/ntap-20231006-0003 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47007 – Ubuntu Security Notice USN-6413-1
https://notcve.org/view.php?id=CVE-2022-47007
22 Aug 2023 — An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing boun... • https://sourceware.org/bugzilla/show_bug.cgi?id=29254 • CWE-401: Missing Release of Memory after Effective Lifetime •