Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Filtered by product Binutils
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20294 1 Gnu 1 Binutils 2021-05-09 6.8 MEDIUM 7.8 HIGH
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
CVE-2021-3487 3 Fedoraproject, Gnu, Redhat 3 Fedora, Binutils, Enterprise Linux 2021-05-04 7.1 HIGH 6.5 MEDIUM
There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
CVE-2020-35448 2 Gnu, Netapp 2 Binutils, Ontap Select Deploy Administration Utility 2021-04-28 4.3 MEDIUM 3.3 LOW
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVE-2020-16599 1 Gnu 1 Binutils 2021-04-16 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVE-2020-16593 1 Gnu 1 Binutils 2021-04-16 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
CVE-2020-16591 1 Gnu 1 Binutils 2021-04-16 4.3 MEDIUM 5.5 MEDIUM
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
CVE-2020-16590 1 Gnu 1 Binutils 2021-04-16 4.3 MEDIUM 5.5 MEDIUM
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
CVE-2021-20197 2 Gnu, Redhat 2 Binutils, Enterprise Linux 2021-04-01 3.3 LOW 6.3 MEDIUM
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVE-2021-20284 1 Gnu 1 Binutils 2021-03-31 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CVE-2020-35494 3 Fedoraproject, Gnu, Netapp 6 Fedora, Binutils, Hci Compute Node and 3 more 2021-02-22 5.8 MEDIUM 6.1 MEDIUM
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVE-2020-35496 3 Fedoraproject, Gnu, Netapp 6 Fedora, Binutils, Hci Compute Node and 3 more 2021-02-22 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-35495 3 Fedoraproject, Gnu, Netapp 6 Fedora, Binutils, Hci Compute Node and 3 more 2021-02-18 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-35507 3 Gnu, Netapp, Redhat 5 Binutils, Hci Bootstrap Os, Ontap Select Deploy Administration Utility and 2 more 2021-02-18 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVE-2020-35493 3 Fedoraproject, Gnu, Netapp 6 Fedora, Binutils, Hci Compute Node and 3 more 2021-02-17 4.3 MEDIUM 5.5 MEDIUM
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-16592 1 Gnu 1 Binutils 2021-01-15 4.3 MEDIUM 5.5 MEDIUM
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVE-2019-17450 1 Gnu 1 Binutils 2020-11-02 4.3 MEDIUM 6.5 MEDIUM
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVE-2019-17451 1 Gnu 1 Binutils 2020-11-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CVE-2019-14444 1 Gnu 1 Binutils 2020-11-02 4.3 MEDIUM 5.5 MEDIUM
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2019-12972 1 Gnu 1 Binutils 2020-11-02 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVE-2019-9074 2 Gnu, Netapp 2 Binutils, Element Software Management 2020-11-02 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.