VYPR

rpm package

almalinux/binutils-devel

pkg:rpm/almalinux/binutils-devel

Vulnerabilities (9)

  • CVE-2025-11083 | Med | Sep 27, 2025
    affected < 2.41-58.el10_1.2.alma.1 | fixed 2.41-58.el10_1.2.alma.1

    A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclos

  • CVE-2025-11082 | Med | Sep 27, 2025
    affected < 2.41-58.el10_1.2.alma.1 | fixed 2.41-58.el10_1.2.alma.1

    A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been pu

  • CVE-2025-5244 | Med | May 27, 2025
    affected < 2.41-58.el10.alma.1 | fixed 2.41-58.el10.alma.1

    A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit

  • CVE-2022-4285 | Jan 27, 2023
    affected < 2.30-119.el8_8.2 | fixed 2.30-119.el8_8.2

    An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

  • CVE-2021-42574 | Nov 1, 2021
    affected < 2.30-108.el8_5.1 | fixed 2.30-108.el8_5.1

    An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested

  • CVE-2021-20197 | Mar 26, 2021
    affected < 2.30-108.el8 | fixed 2.30-108.el8

    There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivi

  • CVE-2021-20284 | Mar 26, 2021
    affected < 2.30-108.el8 | fixed 2.30-108.el8

    A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

  • CVE-2020-35448 | Dec 27, 2020
    affected < 2.30-108.el8 | fixed 2.30-108.el8

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.

  • CVE-2018-12699 | Jun 23, 2018
    affected < 2.30-125.el8_10 | fixed 2.30-125.el8_10

    finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.