CVE-2023-25584 – Out of bounds read in parse_module function in bfd/vms-alpha.c
https://notcve.org/view.php?id=CVE-2023-25584
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Se encontró una falla de lectura fuera de límites en la función parse_module en bfd/vms-alpha.c en Binutils. • https://access.redhat.com/security/cve/CVE-2023-25584 https://bugzilla.redhat.com/show_bug.cgi?id=2167467 https://security.netapp.com/advisory/ntap-20231103-0002 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 • CWE-125: Out-of-bounds Read •
CVE-2023-1972
https://notcve.org/view.php?id=CVE-2023-1972
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. • https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://security.gentoo.org/glsa/202309-15 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-1579 – binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfd_getl64
https://notcve.org/view.php?id=CVE-2023-1579
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. A heap based buffer overflow was found in binutils-gdb/bfd/libbfd.c in bfd_getl64 in binutils. • https://security.gentoo.org/glsa/202309-15 https://security.netapp.com/advisory/ntap-20230511-0009 https://sourceware.org/bugzilla/show_bug.cgi?id=29988 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11d171f1910b508a81d21faa087ad1af573407d8 https://access.redhat.com/security/cve/CVE-2023-1579 https://bugzilla.redhat.com/show_bug.cgi?id=2180905 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-4285 – binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
https://notcve.org/view.php?id=CVE-2022-4285
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. Se encontró una falla de acceso ilegal a la memoria en el paquete binutils. El parseo de un archivo ELF que contiene información de versión de símbolo corrupta puede resultar en una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://security.gentoo.org/glsa/202309-15 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://access.redhat.com/security/cve/CVE-2022-4285 • CWE-476: NULL Pointer Dereference •
CVE-2022-38533
https://notcve.org/view.php?id=CVE-2022-38533
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. En GNU Binutils versiones anteriores a 2.4.0, se presenta un desbordamiento del búfer de la pila en la función de error bfd_getl32 cuando es llamada desde la función strip_main en strip-new por medio de un archivo diseñado. • https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ https://security.gentoo.org/glsa/202309-15 https://security.netapp.com/advisory/ntap-20221104-0007 https://sourceware.org/bugzilla/show_bug.cgi?id=29482 https://sourceware.org/bugzilla/show_bug.cgi?id& • CWE-787: Out-of-bounds Write •