VYPR

apk package

wolfi/binutils

pkg:apk/wolfi/binutils

Vulnerabilities (22)

  • CVE-2026-6846 · High · Apr 22, 2026
    affected < 2.46-r2 · fixed 2.46-r2

    A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitr

  • CVE-2025-69652 · Mar 6, 2026
    affected < 2.46.1-r0 · fixed 2.46.1-r0

    GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate int

  • CVE-2025-69651 · Mar 6, 2026
    affected < 2.46.1-r0 · fixed 2.46.1-r0

    GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain part

  • CVE-2025-69650 · Mar 6, 2026
    affected < 2.46-r0 · fixed 2.46-r0

    GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_sect

  • CVE-2025-69649 · Mar 6, 2026
    affected < 2.46-r0 · fixed 2.46-r0

    GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentati

  • CVE-2025-11840 · Low · Oct 16, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be

  • CVE-2025-11839 · Low · Oct 16, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used

  • CVE-2025-11495 · Low · Oct 8, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has

  • CVE-2025-11494 · Low · Oct 8, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made publi

  • CVE-2025-11414 · Low · Oct 7, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been pu

  • CVE-2025-11413 · Low · Oct 7, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and

  • CVE-2025-11412 · Low · Oct 7, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclos

  • CVE-2025-11083 · Medium · Sep 27, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclos

  • CVE-2025-11082 · Medium · Sep 27, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been pu

  • CVE-2025-11081 · Low · Sep 27, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. T

  • CVE-2025-7546 · Medium · Jul 13, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host

  • CVE-2025-7545 · Medium · Jul 13, 2025
    affected < 2.45.1-r1 · fixed 2.45.1-r1

    A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been dis

  • CVE-2025-3198 · Low · Apr 4, 2025
    affected < 2.45-r0 · fixed 2.45-r0

    A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locall

  • CVE-2025-1153 · Feb 10, 2025
    affected < 2.45-r0 · fixed 2.45-r0

    A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rath

  • CVE-2023-1972 · May 17, 2023
    affected < 2.40-r3 · fixed 2.40-r3

    A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Page 1 of 2