rpm package
opensuse/binutils&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweed
Vulnerabilities (156)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18605 | — | | | < 2.37-1.3 | 2.37-1.3 | Oct 23, 2018 | A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple |
| CVE-2018-18484 | — | | | < 2.37-1.3 | 2.37-1.3 | Oct 18, 2018 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_fu |
| CVE-2018-18483 | — | | | < 2.37-1.3 | 2.37-1.3 | Oct 18, 2018 | The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, |
| CVE-2018-18309 | — | | | < 2.37-1.3 | 2.37-1.3 | Oct 15, 2018 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads t |
| CVE-2018-17985 | — | | | < 2.37-1.3 | 2.37-1.3 | Oct 4, 2018 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. |
| CVE-2018-17360 | — | | | < 2.37-1.3 | 2.37-1.3 | Sep 23, 2018 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be trig |
| CVE-2018-17359 | — | | | < 2.37-1.3 | 2.37-1.3 | Sep 23, 2018 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a cra |
| CVE-2018-17358 | — | | | < 2.37-1.3 | 2.37-1.3 | Sep 23, 2018 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (appli |
| CVE-2018-10535 | — | | | < 2.37-1.3 | 2.37-1.3 | Apr 29, 2018 | The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attac |
| CVE-2018-10534 | — | | | < 2.37-1.3 | 2.37-1.3 | Apr 29, 2018 | The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIR |
| CVE-2018-10373 | — | | | < 2.37-1.3 | 2.37-1.3 | Apr 25, 2018 | concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. |
| CVE-2018-10372 | — | | | < 2.37-1.3 | 2.37-1.3 | Apr 25, 2018 | process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. |
| CVE-2018-8945 | — | | | < 2.37-1.3 | 2.37-1.3 | Mar 22, 2018 | The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. |
| CVE-2018-7643 | — | | | < 2.37-1.3 | 2.37-1.3 | Mar 2, 2018 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. |
| CVE-2018-7642 | — | | | < 2.37-1.3 | 2.37-1.3 | Mar 2, 2018 | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted |
| CVE-2018-7570 | — | | | < 2.37-1.3 | 2.37-1.3 | Feb 28, 2018 | The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file w |
| CVE-2018-7569 | — | | | < 2.37-1.3 | 2.37-1.3 | Feb 28, 2018 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by |
| CVE-2018-7568 | — | | | < 2.37-1.3 | 2.37-1.3 | Feb 28, 2018 | The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, a |
| CVE-2018-7208 | — | | | < 2.37-1.3 | 2.37-1.3 | Feb 18, 2018 | In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified |
| CVE-2018-6872 | — | | | < 2.37-1.3 | 2.37-1.3 | Feb 9, 2018 | The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. |