CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-8945 – binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
https://notcve.org/view.php?id=CVE-2018-8945
22 Mar 2018 — The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. **RECHAZADA** NO USAR ESTE NÚMERO DE CANDIDATO. ConsultIDs: ninguna. Motivo: Este candidato estaba en un grupo de CNA que no estaba asignado a ningún problema durante 2017. Notas: ninguna. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7643 – binutils: Integer overflow in the display_debug_ranges function resulting in crash
https://notcve.org/view.php?id=CVE-2018-7643
02 Mar 2018 — The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. La función display_debug_ranges en dwarf.c en GNU Binutils 2.30 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de enteros y caída de aplicación) o, probablemente, provocar cualquier otro tipo de problema mediante un archiv... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7642 – binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash
https://notcve.org/view.php?id=CVE-2018-7642
02 Mar 2018 — The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. La funcíon swap_std_reloc_in en aoutx.h en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30 y anteriores permite que atacantes remo... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7568 – binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
https://notcve.org/view.php?id=CVE-2018-7568
28 Feb 2018 — The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. La función parse_die en dwarf1.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de ser... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7569 – binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library
https://notcve.org/view.php?id=CVE-2018-7569
28 Feb 2018 — dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. dwarf2.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (desbordamiento o subdesbordamiento ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7570 – Gentoo Linux Security Advisory 201811-17
https://notcve.org/view.php?id=CVE-2018-7570
28 Feb 2018 — The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. La función assign_file_positions_for_non_load_sections en elf.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se d... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7208 – binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file
https://notcve.org/view.php?id=CVE-2018-7208
18 Feb 2018 — In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. En la función coff_pointerize_aux en coffgen.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GN... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6872 – Gentoo Linux Security Advisory 201811-17
https://notcve.org/view.php?id=CVE-2018-6872
09 Feb 2018 — The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. La función elf_parse_notes en elf.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límite... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6759 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-6759
06 Feb 2018 — The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. La función bfd_get_debug_link_info_1 en opncls.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29.2,30, tiene una operación strnlen... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6543 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-6543
02 Feb 2018 — In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. En GNU Binutils 2.30, hay un desbordamiento de enteros en la función load_specific_debug_section() en objdump.c, que resulta en "malloc()" con tamaño 0. Un archivo ELF manipulado permite que atacantes remotos provoquen una den... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound •