CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25586 – Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
https://notcve.org/view.php?id=CVE-2023-25586
14 Sep 2023 — A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. Se encontró una falla en Binutils. Un error lógico en la función bfd_init_section_decompress_status puede provocar el uso de una variable no inicializada que puede provocar un bloqueo y una denegación de servicio local. • https://access.redhat.com/security/cve/CVE-2023-25586 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-4039 – GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
https://notcve.org/view.php?id=CVE-2023-4039
13 Sep 2023 — **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is... • https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 • CWE-693: Protection Mechanism Failure •
CVSS: 5.9EPSS: 0%CPEs: 23EXPL: 1CVE-2023-4813 – Glibc: potential use-after-free in gaih_inet()
https://notcve.org/view.php?id=CVE-2023-4813
12 Sep 2023 — A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. Se encontró una falla en glibc. En una situación poco común, la función gaih_inet puede utilizar memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. • https://github.com/tnishiox/cve-2023-4813 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46174 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2021-46174
22 Aug 2023 — Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. Desbordamiento de búfer basado en el montículo en la función bfd_getl32 de Binutils objdump 3.37. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. • https://sourceware.org/bugzilla/show_bug.cgi?id=28753 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44840 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2022-44840
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could ... • https://sourceware.org/bugzilla/show_bug.cgi?id=29732 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45703
https://notcve.org/view.php?id=CVE-2022-45703
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. • https://security.netapp.com/advisory/ntap-20231006-0003 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47007 – Ubuntu Security Notice USN-6413-1
https://notcve.org/view.php?id=CVE-2022-47007
22 Aug 2023 — An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing boun... • https://sourceware.org/bugzilla/show_bug.cgi?id=29254 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47008
https://notcve.org/view.php?id=CVE-2022-47008
22 Aug 2023 — An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. • https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47010 – Ubuntu Security Notice USN-6581-1
https://notcve.org/view.php?id=CVE-2022-47010
22 Aug 2023 — An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in s... • https://sourceware.org/bugzilla/show_bug.cgi?id=29262 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47011 – Ubuntu Security Notice USN-6413-1
https://notcve.org/view.php?id=CVE-2022-47011
22 Aug 2023 — An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing ... • https://sourceware.org/bugzilla/show_bug.cgi?id=29261 • CWE-401: Missing Release of Memory after Effective Lifetime •