CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48063 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-48063
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. • https://security.netapp.com/advisory/ntap-20231006-0008 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48064
https://notcve.org/view.php?id=CVE-2022-48064
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48065 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-48065
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25584 – Out of bounds read in parse_module function in bfd/vms-alpha.c
https://notcve.org/view.php?id=CVE-2023-25584
24 May 2023 — An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Se encontró una falla de lectura fuera de límites en la función parse_module en bfd/vms-alpha.c en Binutils. It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. • https://access.redhat.com/security/cve/CVE-2023-25584 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38533 – Ubuntu Security Notice USN-5762-1
https://notcve.org/view.php?id=CVE-2022-38533
25 Aug 2022 — In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. En GNU Binutils versiones anteriores a 2.4.0, se presenta un desbordamiento del búfer de la pila en la función de error bfd_getl32 cuando es llamada desde la función strip_main en strip-new por medio de un archivo diseñado. It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to... • https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-45078 – Ubuntu Security Notice USN-6160-1
https://notcve.org/view.php?id=CVE-2021-45078
15 Dec 2021 — stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. La función stab_xcoff_builtin_type en el archivo stabs.c en GNU Binutils versiones hasta 2.37, permite a atacantes causar una denegación de servicio (desbordamiento de búfer basado en la pila) o posiblemente tener o... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-37322
https://notcve.org/view.php?id=CVE-2021-37322
18 Nov 2021 — GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. Se ha detectado que GCC c++filt versión v2.26 contiene una vulnerabilidad de uso de memoria previamente liberada por medio del componente cplus-dem.c. • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20197 – binutils: Race window allows users to own arbitrary files
https://notcve.org/view.php?id=CVE-2021-20197
26 Mar 2021 — There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Se presenta una ventana de carrera abierta cuando se escribe la salida en las siguientes utilidades en GNU binutils versiones 2.35 y a... • https://bugzilla.redhat.com/show_bug.cgi?id=1913743 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35507 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35507
04 Jan 2021 — There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. Se presenta un fallo en bfd_pef_parse_function_stubs de bfd/pef.c en binutils en versiones anteriores a la 2.34 que podría permitir a un atacante que sea capaz de enviar un archivo crafteado para ser procesado por objd... • https://bugzilla.redhat.com/show_bug.cgi?id=1911691 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35496 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35496
04 Jan 2021 — There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en la función bfd_pef_scan_start_address() del archivo bfd/pef.c en binutils que podría permitir que un atacante que puede enviar un archivo diseñado para ser procesado por... • https://bugzilla.redhat.com/show_bug.cgi?id=1911444 • CWE-476: NULL Pointer Dereference •