apk package

chainguard/binutils-dev

pkg:apk/chainguard/binutils-dev

Vulnerabilities (17)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-11840	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 16, 2025	A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be
CVE-2025-11839	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 16, 2025	A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used
CVE-2025-11495	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 8, 2025	A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has
CVE-2025-11494	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 8, 2025	A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made publi
CVE-2025-11414	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 7, 2025	A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been pu
CVE-2025-11413	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 7, 2025	A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and
CVE-2025-11412	Low	3.3	< 2.45.1-r1	2.45.1-r1	Oct 7, 2025	A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclos
CVE-2025-11083	Med	5.3	< 2.45.1-r1	2.45.1-r1	Sep 27, 2025	A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclos
CVE-2025-11082	Med	5.3	< 2.45.1-r1	2.45.1-r1	Sep 27, 2025	A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been pu
CVE-2025-11081	Low	3.3	< 2.45.1-r1	2.45.1-r1	Sep 27, 2025	A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. T
CVE-2025-7546	Med	5.3	< 2.45.1-r1	2.45.1-r1	Jul 13, 2025	A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host
CVE-2025-7545	Med	5.3	< 2.45.1-r1	2.45.1-r1	Jul 13, 2025	A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been dis
CVE-2025-3198	Low	3.3	< 2.45-r0	2.45-r0	Apr 4, 2025	A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locall
CVE-2025-1153		—	< 2.45-r0	2.45-r0	Feb 10, 2025	A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rath
CVE-2023-1972		—	< 2.40-r3	2.40-r3	May 17, 2023	A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-1579		—	< 2.40-r0	2.40-r0	Apr 3, 2023	Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVE-2022-38533		—	< 2.39-r2	2.39-r2	Aug 25, 2022	In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

CVE-2025-11840LowOct 16, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be
CVE-2025-11839LowOct 16, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used
CVE-2025-11495LowOct 8, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has
CVE-2025-11494LowOct 8, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made publi
CVE-2025-11414LowOct 7, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been pu
CVE-2025-11413LowOct 7, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and
CVE-2025-11412LowOct 7, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclos
CVE-2025-11083MedSep 27, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclos
CVE-2025-11082MedSep 27, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been pu
CVE-2025-11081LowSep 27, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. T
CVE-2025-7546MedJul 13, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host
CVE-2025-7545MedJul 13, 2025
affected < 2.45.1-r1fixed 2.45.1-r1
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been dis
CVE-2025-3198LowApr 4, 2025
affected < 2.45-r0fixed 2.45-r0
A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locall
CVE-2025-1153Feb 10, 2025
affected < 2.45-r0fixed 2.45-r0
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rath
CVE-2023-1972May 17, 2023
affected < 2.40-r3fixed 2.40-r3
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-1579Apr 3, 2023
affected < 2.40-r0fixed 2.40-r0
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVE-2022-38533Aug 25, 2022
affected < 2.39-r2fixed 2.39-r2
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.