CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35495 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35495
04 Jan 2021 — There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /bfd/pef.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911441 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35494 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35494
04 Jan 2021 — There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911439 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35493 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35493
04 Jan 2021 — A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites ... • https://bugzilla.redhat.com/show_bug.cgi?id=1911437 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1010204 – binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service
https://notcve.org/view.php?id=CVE-2019-1010204
23 Jul 2019 — GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de lí... • https://security.netapp.com/advisory/ntap-20190822-0001 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20671 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-20671
04 Jan 2019 — load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. load_specific_debug_section en objdump.c en GNU Binutils hasta la versión 2.31.1 contiene una vulnerabilidad de desbordamiento de enteros que puede provocar un desbordamiento de búfer basado en memoria dinámica (heap) mediante un tamaño de sección manipulado. USN-4336-1 fixed several vulnerabilities in GNU binutils. This ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000876 – binutils: integer overflow leads to heap-based buffer overflow in objdump
https://notcve.org/view.php?id=CVE-2018-1000876
20 Dec 2018 — binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. binutils, en versiones 2.32 y anteriores, contiene una vulnerabilidad de desbordamiento... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-19931 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-19931
07 Dec 2018 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. Se ha descubierto un problema en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Hay un desbordamiento de búfer basado en memoria dinámica (heap) en bfd_elf32_swap_phdr_in en elf... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-19932 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-19932
07 Dec 2018 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Se ha descubierto un problema en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils hasta la versión 2.31. Hay un desbordamiento de enteros y un bucle infinito provocados por la macro IS_CONTAINED_BY_LMA en elf.c. USN-4336-1... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9138 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-9138
30 Mar 2018 — An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. Se ha descubierto una vulnerabilidad en cplus-dem.c en GNU libiberty, tal y como se distribuye en GNU Binutils 2.29 y 2.30. Se produce un agotamiento de pila en las funciones de demangling en C++ proporcionadas por libiberty y hay tra... • https://sourceware.org/bugzilla/show_bug.cgi?id=23008 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15996 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-15996
29 Oct 2017 — elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. elfcomm.c en readelf en GNU Binutils 2.29 permite que atacantes remotos provoquen una denegación ... • http://www.securityfocus.com/bid/101608 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •