CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35494
https://notcve.org/view.php?id=CVE-2020-35494
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911439 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20210212-0007 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35493
https://notcve.org/view.php?id=CVE-2020-35493
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites que podría tener un impacto en la disponibilidad de la aplicación. • https://bugzilla.redhat.com/show_bug.cgi?id=1911437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20210212-0007 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1010204 – binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service
https://notcve.org/view.php?id=CVE-2019-1010204
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de límites. • https://security.netapp.com/advisory/ntap-20190822-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2019-1010204 https://bugzilla.redhat.com/show_bug.cgi?id=1735604 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20671
https://notcve.org/view.php?id=CVE-2018-20671
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. load_specific_debug_section en objdump.c en GNU Binutils hasta la versión 2.31.1 contiene una vulnerabilidad de desbordamiento de enteros que puede provocar un desbordamiento de búfer basado en memoria dinámica (heap) mediante un tamaño de sección manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/106457 https://sourceware.org/bugzilla/show_bug.cgi?id=24005 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11fa9f134fd658075c6f74499c780df045d9e9ca https://usn.ubuntu.com/4336-1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000876 – binutils: integer overflow leads to heap-based buffer overflow in objdump
https://notcve.org/view.php?id=CVE-2018-1000876
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. binutils, en versiones 2.32 y anteriores, contiene una vulnerabilidad de desbordamiento de enteros en objdump, bfd_get_dynamic_reloc_upper_bound y bfd_canonicalize_dynamic_reloc que puede resultar en un desbordamiento de enteros que desencadena un desbordamiento de memoria dinámica (heap). Si se explota con éxito, podría conducir a la ejecución de código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/106304 https://access.redhat.com/errata/RHSA-2019:2075 https://sourceware.org/bugzilla/show_bug.cgi?id=23994 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f https://usn.ubuntu.com/4336-1 https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla. • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •