CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7299 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7299
29 Mar 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), distribuida en GNU Binutils 2.28, tiene una lectura no válida (de tamaño 8) porq... • http://www.securityfocus.com/bid/97217 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7301 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7301
29 Mar 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), distribuida en GNU Binutils 2.28, tiene una función aout_link_add_symbols en bfd/aoutx.h que tiene una vulnerabilidad off-by-one porque n... • http://www.securityfocus.com/bid/97218 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7300 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7300
29 Mar 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. "La librería Binary File Descriptor (BFD) (también conocida como libbfd), distribuida en GNU Binutils 2.28, tiene una función de aout_link_add_symbols en bfd / aoutx.h que es vu... • http://www.securityfocus.com/bid/97219 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7304
https://notcve.org/view.php?id=CVE-2017-7304
29 Mar 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), distribuida en GNU Binutils 2.28, es vulnerable a lecturas inválidas (de tamaño 8) debido a la falta d... • http://www.securityfocus.com/bid/97215 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7303
https://notcve.org/view.php?id=CVE-2017-7303
29 Mar 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), distribuida en GNU Binutils 2.28, es vulnerable a una lectura no válida (de tamaño 4) debido a falta de un cheque (en la función fi... • http://www.securityfocus.com/bid/97213 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7302 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7302
29 Mar 2017 — The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. La librería Binary File Descriptor (BFD) (también conocida como libbfd), distribuida en GNU Binutils 2.28, tiene una función swap_std_reloc_out en bfd/aoutx.h que es vulnerable a una lectu... • http://www.securityfocus.com/bid/97216 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5932 – Ubuntu Security Notice USN-3294-1
https://notcve.org/view.php?id=CVE-2017-5932
27 Mar 2017 — The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. La funcionalidad de autocompletar de ruta en Bash 4.4 permite usuarios locales obtener privilegios a través de nombre de archivo manipulado empezando con un carácter "(comillas dobles) y un metacaracter de sustitución de comandos. Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the pr... • http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7226 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7226
22 Mar 2017 — The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. La función pe_ILF_object_p en la librería del archivo binario descriptorBinary File Descriptor (BFD) (también conocida como libbfd), dist... • https://sourceware.org/bugzilla/show_bug.cgi?id=20905 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7227 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7227
22 Mar 2017 — GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. GNU linker (ld) en GNU Binutils 2.28 es vulnerable a un desbordamiento de búfer basado en memoria dinámica mientras procesa un script de entrada falso, lo que provoca una caída del programa. Esto se relaciona con la falta de terminación '\ 0' de un campo de nombre en ldlex.l. USN-4336-1 fixed... • http://www.securityfocus.com/bid/97209 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7223 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7223
22 Mar 2017 — GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. Ensamblador GNU en GNU Binutils 2.28 es vulnerable a un desbordamiento de búfer global (de tamaño 1) mientras intenta descomprimir un carácter EOF de un flujo de entrada, conduciendo potencialmente a una caída del programa. USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the correspond... • https://security.gentoo.org/glsa/201801-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •