Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Filtered by product Binutils
Total 224 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35507 4 Broadcom, Gnu, Netapp and 1 more 9 Brocade Fabric Operating System, Binutils, Cloud Backup and 6 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVE-2020-35496 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-16599 2 Gnu, Netapp 5 Binutils, Cloud Backup, Hci Management Node and 2 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CVE-2020-35495 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-35493 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-16593 2 Gnu, Netapp 4 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
CVE-2020-35494 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVE-2019-17451 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CVE-2019-17450 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVE-2019-12972 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVE-2019-1010204 2 Gnu, Netapp 4 Binutils, Binutils Gold, Hci Management Node and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
CVE-2019-14444 4 Canonical, Gnu, Netapp and 1 more 5 Ubuntu Linux, Binutils, Hci Management Node and 2 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2019-14250 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2018-18607 3 Debian, Gnu, Netapp 3 Debian Linux, Binutils, Data Ontap 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
CVE-2018-20673 1 Gnu 1 Binutils 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
CVE-2018-17985 1 Gnu 1 Binutils 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
CVE-2018-18701 1 Gnu 1 Binutils 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
CVE-2019-9074 3 Canonical, Gnu, Netapp 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
CVE-2019-9077 4 Canonical, F5, Gnu and 1 more 4 Ubuntu Linux, Traffix Signaling Delivery Controller, Binutils and 1 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
CVE-2018-20002 3 F5, Gnu, Netapp 4 Traffix Signaling Delivery Controller, Binutils, Cluster Data Ontap and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.