CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19724 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2020-19724
22 Aug 2023 — A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. Un problema de consumo de memoria en la función get_data en binutils/nm.c en GNU nm antes de la versión 2.34 permite a los atacantes causar una denegación de servicio a través de un comando manipulado. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was... • https://sourceware.org/bugzilla/show_bug.cgi?id=25362 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47695 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-47695
22 Aug 2023 — An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks wh... • https://sourceware.org/bugzilla/show_bug.cgi?id=29846 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48064
https://notcve.org/view.php?id=CVE-2022-48064
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35342 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2020-35342
22 Aug 2023 — GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to ... • https://security.netapp.com/advisory/ntap-20231006-0009 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35205 – Ubuntu Security Notice USN-6544-1
https://notcve.org/view.php?id=CVE-2022-35205
22 Aug 2023 — An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Se ha descubierto un problema en readelf de Binutils 2.38.50, el fallo de aserción alcanzable en la función display_debug_names permite a los atacantes provocar una denegación de servicio. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consump... • https://security.netapp.com/advisory/ntap-20231006-0010 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35206
https://notcve.org/view.php?id=CVE-2022-35206
22 Aug 2023 — Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. Vulnerabilidad de eliminación de referencia del puntero NULL en readelf de Binutils 2.38.50 a través de la función read_and_display_attr_value en el archivo dwarf.c. • https://sourceware.org/bugzilla/show_bug.cgi?id=29290 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32256
https://notcve.org/view.php?id=CVE-2021-32256
18 Jul 2023 — An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. • https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25584 – Out of bounds read in parse_module function in bfd/vms-alpha.c
https://notcve.org/view.php?id=CVE-2023-25584
24 May 2023 — An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Se encontró una falla de lectura fuera de límites en la función parse_module en bfd/vms-alpha.c en Binutils. It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. • https://access.redhat.com/security/cve/CVE-2023-25584 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25588 – Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
https://notcve.org/view.php?id=CVE-2023-25588
24 May 2023 — A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. Se encontró una falla en Binutils. El campo `the_bfd` de `asymbol`struct no está inicializado en la función `bfd_mach_o_get_synthetic_symtab`, lo que puede provocar un bloqueo de la aplicación y una denegación de servicio local. It was discovered that GNU binutils incorrectly handled certain DWARF files. • https://access.redhat.com/security/cve/CVE-2023-25588 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1972 – Gentoo Linux Security Advisory 202309-15
https://notcve.org/view.php?id=CVE-2023-1972
17 May 2023 — A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. • https://bugzilla.redhat.com/show_bug.cgi?id=2185646 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •