CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11113 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-11113
08 Jul 2017 — In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. En ncurses 6.0, hay una desreferencia de puntero NULL en la función _nc_parse_entry de tinfo/parse_entry.c. Podría provocar un ataque de denegación de servicio remoto si se utiliza el código de la librería terminfo al procesar datos terminfo no confiables. It was discovered that ... • https://bugzilla.redhat.com/show_bug.cgi?id=1464691 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2017-10790 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2017-10790
02 Jul 2017 — The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto... • https://bugzilla.redhat.com/show_bug.cgi?id=1464141 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-10791
https://notcve.org/view.php?id=CVE-2017-10791
02 Jul 2017 — There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. Se presenta un desbordamiento entero en la función hash_int de la biblioteca libpspp en PSPP anterior a la versión 0.11.0 de GNU. Por ejemplo, fue observado un bloqueo en el código de la biblioteca al intentar convertir dato... • http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-10792
https://notcve.org/view.php?id=CVE-2017-10792
02 Jul 2017 — There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. Se presenta una desreferencia de puntero NULL en la función ll_insert() de la biblioteca libpspp en PSPP anterior a la versión 0.11.0 de GNU. Por ejemplo, se observó un bloqueo en el código de la biblioteca al inte... • http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-10684 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-10684
29 Jun 2017 — In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. En ncurses 6.0, hay una vulnerabilidad de desbordamiento de búfer basado en pila en la función fmt_entry. Se podría realizar un ataque de ejecución remota de código arbitrario con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-... • https://bugzilla.redhat.com/show_bug.cgi?id=1464687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-10685 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-10685
29 Jun 2017 — In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. En ncurses 6.0, hay una vulnerabilidad de cadena de formato en la función fmt_entry. Se podría realizar un ataque de ejecución remota de código arbitrario con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. • https://bugzilla.redhat.com/show_bug.cgi?id=1464692 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9955
https://notcve.org/view.php?id=CVE-2017-9955
26 Jun 2017 — The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. La función get_build_id en el archivo opncls.c en la librería Binary File Descriptor (BFD) (también conocida como libbfd) d... • http://www.securityfocus.com/bid/99573 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9954 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-9954
26 Jun 2017 — The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. La función getvalue en el archivo teckhex.c en la librería Binary File Descriptor (BFD), distribuida en GNU Binutils 2.28, permite a un atacante remoto causar una denegación de servicio (buffer ov... • http://www.securityfocus.com/bid/99307 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9778
https://notcve.org/view.php?id=CVE-2017-9778
21 Jun 2017 — GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. GNU Debugger (GDB) en versiones 8.0 y anteriores no detecta un campo de longitud negativa en una sección DWARF. Una sección mal formada en un binario ELF o un archivo core puede hacer que GDB asigne memoria repetidamente... • http://www.securityfocus.com/bid/99244 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-9753 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-9753
19 Jun 2017 — The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. La función versados_mkobject en el archivo bfd/versados.c en la biblioteca Bina... • http://www.securityfocus.com/bid/99116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •