CVSS: 6.3EPSS: 0%CPEs: 44EXPL: 1CVE-2025-0840 – GNU Binutils objdump.c disassemble_bytes stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0840
29 Jan 2025 — A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44840 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2022-44840
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could ... • https://sourceware.org/bugzilla/show_bug.cgi?id=29732 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45703
https://notcve.org/view.php?id=CVE-2022-45703
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. • https://security.netapp.com/advisory/ntap-20231006-0003 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47673
https://notcve.org/view.php?id=CVE-2022-47673
22 Aug 2023 — An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. • https://sourceware.org/bugzilla/show_bug.cgi?id=29876 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47695 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-47695
22 Aug 2023 — An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks wh... • https://sourceware.org/bugzilla/show_bug.cgi?id=29846 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47696
https://notcve.org/view.php?id=CVE-2022-47696
22 Aug 2023 — An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. • https://sourceware.org/bugzilla/show_bug.cgi?id=29677 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48063 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-48063
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. • https://security.netapp.com/advisory/ntap-20231006-0008 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48064
https://notcve.org/view.php?id=CVE-2022-48064
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48065 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-48065
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25584 – Out of bounds read in parse_module function in bfd/vms-alpha.c
https://notcve.org/view.php?id=CVE-2023-25584
24 May 2023 — An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Se encontró una falla de lectura fuera de límites en la función parse_module en bfd/vms-alpha.c en Binutils. It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. • https://access.redhat.com/security/cve/CVE-2023-25584 • CWE-125: Out-of-bounds Read •