CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8394 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-8394
01 May 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. La biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), tal como se distribuye en GNU Binutils 2.28, es vulnerable a una lectura no válida de tamaño 4 referencia... • https://security.gentoo.org/glsa/201709-02 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8392 – Gentoo Linux Security Advisory 201709-02
https://notcve.org/view.php?id=CVE-2017-8392
01 May 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. La biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), tal como se distribuye en GNU Binutils 2.28, es vulnerable... • https://security.gentoo.org/glsa/201709-02 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8393 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-8393
01 May 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. La biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), ... • https://security.gentoo.org/glsa/201709-02 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8397 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-8397
01 May 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), tal como se distribuye en GNU Binutils 2.28, es vulnerable... • https://security.gentoo.org/glsa/201709-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8395 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-8395
01 May 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), tal como se distribuye en ... • https://security.gentoo.org/glsa/201709-02 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7869 – gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)
https://notcve.org/view.php?id=CVE-2017-7869
14 Apr 2017 — GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. GnuTLS en versiones anteriores a 20-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de entero y desbordamiento de búfer basado en memoria dinámica en relación con la función cdk_pkt_read en opencdk/read-packet.c. Est... • http://www.securityfocus.com/bid/97040 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10326
https://notcve.org/view.php?id=CVE-2016-10326
13 Apr 2017 — In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. En libosip2 en GNU oSIP 4.1.0, un mensaje SIP malformado puede conducir a un desbordamiento de búfer memoria dinámica en la función osip_body_to_str() definida en osipparser2/osip_body.c, lo que resulta en un DoS remoto. • http://www.debian.org/security/2017/dsa-3879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7853
https://notcve.org/view.php?id=CVE-2017-7853
13 Apr 2017 — In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. En libosip2 en GNU oSIP versiones 4.1.0 y 5.0.0, un mensaje SIP malformado puede conllevar a un desbordamiento del búfer de la pila en la función msg_osip_body_parse() definida en el archivo osipparser2/osip_message_parse.c, resultando en una DoS remota. • http://www.debian.org/security/2017/dsa-3879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10324
https://notcve.org/view.php?id=CVE-2016-10324
13 Apr 2017 — In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. En libosip2 en GNU oSIP 4.1.0, un mensaje SIP de formado puede conducir a un desbordamiento del búfer memoria dinámica en la función osip_clrncpy() definida en osipparser2/osip_port.c. • http://www.debian.org/security/2017/dsa-3879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10325
https://notcve.org/view.php?id=CVE-2016-10325
13 Apr 2017 — In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. En libosip2 en GNU oSIP 4.1.0, un mensaje SIP malformado puede conducir a un desbordamiento del búfer memoria dinámica en la función _osip_message_to_str() definida en osipparser2/osip_message_to_str.c, lo que resulta en un DoS remoto. • http://www.debian.org/security/2017/dsa-3879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •