CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000876 – binutils: integer overflow leads to heap-based buffer overflow in objdump
https://notcve.org/view.php?id=CVE-2018-1000876
20 Dec 2018 — binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. binutils, en versiones 2.32 y anteriores, contiene una vulnerabilidad de desbordamiento... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17358 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-17358
23 Sep 2018 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. Se ha detectado una vulnerabilidad en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Existe un acceso a memoria no válid... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17359 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-17359
23 Sep 2018 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. Se ha detectado una vulnerabilidad en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Existe un acceso a memoria no válida en bfd_zalloc en opnc... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17360 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-17360
23 Sep 2018 — An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. Se ha detectado una vulnerabilidad en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Una sobrelectura de búfer basada en memo... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-125: Out-of-bounds Read •