CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35495 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35495
04 Jan 2021 — There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /bfd/pef.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911441 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35494 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35494
04 Jan 2021 — There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911439 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35493 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35493
04 Jan 2021 — A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites ... • https://bugzilla.redhat.com/show_bug.cgi?id=1911437 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1010204 – binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service
https://notcve.org/view.php?id=CVE-2019-1010204
23 Jul 2019 — GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de lí... • https://security.netapp.com/advisory/ntap-20190822-0001 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 2CVE-2018-20712
https://notcve.org/view.php?id=CVE-2018-20712
15 Jan 2019 — A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función d_expression_1 en cp-demangle.c en GNU libiberty, tal y como se distribuye en GNU Binutils 2.31.1. Una entrada manipulada puede causar fallos de segmentación, conduciendo a una denegac... • http://www.securityfocus.com/bid/106563 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20673 – libiberty: Integer overflow in demangle_template() function
https://notcve.org/view.php?id=CVE-2018-20673
04 Jan 2019 — The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. La función demangle_template en cplus-dem.c en GNU libiberty, tal y como se distribuía en la versión 2.31.1 de GNU Binutils, contiene una vulnerabilidad de desbordamiento de enteros (para "Create an array for saving the template arg... • http://www.securityfocus.com/bid/106454 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20671 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-20671
04 Jan 2019 — load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. load_specific_debug_section en objdump.c en GNU Binutils hasta la versión 2.31.1 contiene una vulnerabilidad de desbordamiento de enteros que puede provocar un desbordamiento de búfer basado en memoria dinámica (heap) mediante un tamaño de sección manipulado. USN-4336-1 fixed several vulnerabilities in GNU binutils. This ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20657 – libiberty: Memory leak in demangle_template function resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20657
02 Jan 2019 — The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. La función demangle_template en cplus-dem.c en GNU libiberty, como se distribuyó en la versión 2.31.1, tiene una fuga de memoria mediante una cadena manipulada, provocando una denegación de servicio (consumo de memoria), tal y como queda demostrado con ... • http://www.securityfocus.com/bid/106444 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20651 – Gentoo Linux Security Advisory 201908-01
https://notcve.org/view.php?id=CVE-2018-20651
01 Jan 2019 — A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto una desreferencia de puntero NULL en elf_link_add_object_symbols en elflink.c en la biblioteca Binary File Descriptor (BFD) (también conocida como ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20623 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-20623
31 Dec 2018 — In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. En la versión 2.31.1 de GNU Binutils hay una vulnerabilidad de uso de memoria previamente liberada en la función "error" en elfcomm.c, cuando esta última es llamada por la función process_archive en readelf.c mediante un archivo ELF manipulado. USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding up... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-416: Use After Free •