
CVE-2014-8737 – binutils: directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2014-8737
09 Dec 2014 — Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2012-3509 – Mandriva Linux Security Advisory 2015-029-1
https://notcve.org/view.php?id=CVE-2012-3509
05 Sep 2012 — Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. • http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411 • CWE-189: Numeric Errors •

CVE-2006-2362 – GNU BinUtils 2.1x - Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2362
15 May 2006 — Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. • https://www.exploit-db.com/exploits/27856 • CWE-787: Out-of-bounds Write •

CVE-2005-4807 – GNU BinUtils 2.1x - GAS Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4807
31 Dec 2005 — Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. • https://www.exploit-db.com/exploits/28397 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2005-4808
https://notcve.org/view.php?id=CVE-2005-4808
31 Dec 2005 — Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. • http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069 •