rpm package
opensuse/binutils&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweed
Vulnerabilities (156)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32256 | — | < 2.41-1.2 | 2.41-1.2 | Jul 18, 2023 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. | ||
| CVE-2023-1972 | — | < 2.41-1.2 | 2.41-1.2 | May 17, 2023 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | ||
| CVE-2023-1579 | — | < 2.41-1.2 | 2.41-1.2 | Apr 3, 2023 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | ||
| CVE-2023-0687 | — | < 2.40-3.1 | 2.40-3.1 | Feb 6, 2023 | A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix thi | ||
| CVE-2022-4285 | — | < 2.40-1.1 | 2.40-1.1 | Jan 27, 2023 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | ||
| CVE-2021-3826 | — | < 2.39-2.1 | 2.39-2.1 | Sep 1, 2022 | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||
| CVE-2022-38533 | — | < 2.39-2.1 | 2.39-2.1 | Aug 25, 2022 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | ||
| CVE-2022-27943 | — | < 2.39-2.1 | 2.39-2.1 | Mar 26, 2022 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | ||
| CVE-2021-46195 | — | < 2.39-2.1 | 2.39-2.1 | Jan 14, 2022 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. | ||
| CVE-2021-45078 | — | < 2.39-2.1 | 2.39-2.1 | Dec 15, 2021 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for | ||
| CVE-2021-20294 | — | < 2.37-3.1 | 2.37-3.1 | Apr 29, 2021 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confid | ||
| CVE-2021-20197 | — | < 2.37-1.3 | 2.37-1.3 | Mar 26, 2021 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivi | ||
| CVE-2021-20284 | — | < 2.37-1.3 | 2.37-1.3 | Mar 26, 2021 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-35507 | — | < 2.37-1.3 | 2.37-1.3 | Jan 4, 2021 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application | ||
| CVE-2020-35496 | — | < 2.37-1.3 | 2.37-1.3 | Jan 4, 2021 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw af | ||
| CVE-2020-35493 | — | < 2.37-1.3 | 2.37-1.3 | Jan 4, 2021 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.3 | ||
| CVE-2020-35448 | — | < 2.37-1.3 | 2.37-1.3 | Dec 27, 2020 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf. | ||
| CVE-2020-16599 | — | < 2.37-1.3 | 2.37-1.3 | Dec 9, 2020 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | ||
| CVE-2020-16593 | — | < 2.37-1.3 | 2.37-1.3 | Dec 9, 2020 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. | ||
| CVE-2020-16592 | — | < 2.37-1.3 | 2.37-1.3 | Dec 9, 2020 | A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. |
- CVE-2021-32256Jul 18, 2023affected < 2.41-1.2fixed 2.41-1.2
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
- CVE-2023-1972May 17, 2023affected < 2.41-1.2fixed 2.41-1.2
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
- CVE-2023-1579Apr 3, 2023affected < 2.41-1.2fixed 2.41-1.2
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
- CVE-2023-0687Feb 6, 2023affected < 2.40-3.1fixed 2.40-3.1
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix thi
- CVE-2022-4285Jan 27, 2023affected < 2.40-1.1fixed 2.40-1.1
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
- CVE-2021-3826Sep 1, 2022affected < 2.39-2.1fixed 2.39-2.1
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
- CVE-2022-38533Aug 25, 2022affected < 2.39-2.1fixed 2.39-2.1
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
- CVE-2022-27943Mar 26, 2022affected < 2.39-2.1fixed 2.39-2.1
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
- CVE-2021-46195Jan 14, 2022affected < 2.39-2.1fixed 2.39-2.1
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
- CVE-2021-45078Dec 15, 2021affected < 2.39-2.1fixed 2.39-2.1
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for
- CVE-2021-20294Apr 29, 2021affected < 2.37-3.1fixed 2.37-3.1
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confid
- CVE-2021-20197Mar 26, 2021affected < 2.37-1.3fixed 2.37-1.3
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivi
- CVE-2021-20284Mar 26, 2021affected < 2.37-1.3fixed 2.37-1.3
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
- CVE-2020-35507Jan 4, 2021affected < 2.37-1.3fixed 2.37-1.3
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application
- CVE-2020-35496Jan 4, 2021affected < 2.37-1.3fixed 2.37-1.3
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw af
- CVE-2020-35493Jan 4, 2021affected < 2.37-1.3fixed 2.37-1.3
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.3
- CVE-2020-35448Dec 27, 2020affected < 2.37-1.3fixed 2.37-1.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.
- CVE-2020-16599Dec 9, 2020affected < 2.37-1.3fixed 2.37-1.3
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
- CVE-2020-16593Dec 9, 2020affected < 2.37-1.3fixed 2.37-1.3
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
- CVE-2020-16592Dec 9, 2020affected < 2.37-1.3fixed 2.37-1.3
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
Page 3 of 8