CVSS: 7.8EPSS: 15%CPEs: 1EXPL: 2CVE-2021-20294 – Gentoo Linux Security Advisory 202208-30
https://notcve.org/view.php?id=CVE-2021-20294
29 Apr 2021 — A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. Se encontró un fallo en el programa binutils readelf versión 2.35. Un atacante que sea capaz de convencer a una víctima usando readelf para que lea un archivo diseñado podría desencadenar... • https://github.com/tin-z/CVE-2021-20294-POC • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20197 – binutils: Race window allows users to own arbitrary files
https://notcve.org/view.php?id=CVE-2021-20197
26 Mar 2021 — There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Se presenta una ventana de carrera abierta cuando se escribe la salida en las siguientes utilidades en GNU binutils versiones 2.35 y a... • https://bugzilla.redhat.com/show_bug.cgi?id=1913743 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-20284 – binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c
https://notcve.org/view.php?id=CVE-2021-20284
26 Mar 2021 — A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Se detectó un fallo en GNU Binutils versión 2.35.1, donde se presenta un desbordamiento de búfer en la región heap de la memoria en la función _bfd_elf_slurp_secondary_reloc_section en el archivo elf.c debido a que el número de símbolos no se calculó ... • https://bugzilla.redhat.com/show_bug.cgi?id=1937784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35507 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35507
04 Jan 2021 — There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. Se presenta un fallo en bfd_pef_parse_function_stubs de bfd/pef.c en binutils en versiones anteriores a la 2.34 que podría permitir a un atacante que sea capaz de enviar un archivo crafteado para ser procesado por objd... • https://bugzilla.redhat.com/show_bug.cgi?id=1911691 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35496 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35496
04 Jan 2021 — There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en la función bfd_pef_scan_start_address() del archivo bfd/pef.c en binutils que podría permitir que un atacante que puede enviar un archivo diseñado para ser procesado por... • https://bugzilla.redhat.com/show_bug.cgi?id=1911444 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35495 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35495
04 Jan 2021 — There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /bfd/pef.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911441 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35494 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35494
04 Jan 2021 — There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911439 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35493 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35493
04 Jan 2021 — A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites ... • https://bugzilla.redhat.com/show_bug.cgi?id=1911437 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35448 – binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c
https://notcve.org/view.php?id=CVE-2020-35448
27 Dec 2020 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. Se detectó un problema en la biblioteca Binary File Descriptor (BFD) (también se conoce como libbfd), distribuida en GNU Binutils versión 2.35.1. Una lectura excesiva de búfer en la región heap de la memoria puede ocurrir en... • https://security.gentoo.org/glsa/202107-24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-16599
https://notcve.org/view.php?id=CVE-2020-16599
09 Dec 2020 — A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. Se presenta una vulnerabilidad de Desreferencia del Puntero Null en la biblioteca Binary File Descriptor (BFD) (también se conoce como libbfd), como se distribuye en GNU Binutils versión 2.35, en _bfd_elf_get_symbol_version_string, como es demostra... • https://security.netapp.com/advisory/ntap-20210122-0003 • CWE-476: NULL Pointer Dereference •