rpm package
opensuse/cross-mips-binutils&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2015.2
Vulnerabilities (20)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20294 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Apr 29, 2021 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confid | ||
| CVE-2021-20197 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Mar 26, 2021 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivi | ||
| CVE-2021-20284 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Mar 26, 2021 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-35507 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Jan 4, 2021 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application | ||
| CVE-2020-35496 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Jan 4, 2021 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw af | ||
| CVE-2020-35493 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Jan 4, 2021 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.3 | ||
| CVE-2020-35448 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Dec 27, 2020 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf. | ||
| CVE-2020-16599 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Dec 9, 2020 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | ||
| CVE-2020-16593 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Dec 9, 2020 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. | ||
| CVE-2020-16592 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Dec 9, 2020 | A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | ||
| CVE-2020-16591 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Dec 9, 2020 | A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. | ||
| CVE-2020-16590 | — | < 2.37-lp152.4.9.1 | 2.37-lp152.4.9.1 | Dec 9, 2020 | A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | ||
| CVE-2019-17450 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Oct 10, 2019 | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | ||
| CVE-2019-17451 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Oct 10, 2019 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | ||
| CVE-2019-14444 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Jul 30, 2019 | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. | ||
| CVE-2019-14250 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Jul 24, 2019 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | ||
| CVE-2019-12972 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Jun 26, 2019 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a | ||
| CVE-2019-9077 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Feb 24, 2019 | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. | ||
| CVE-2019-9075 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Feb 24, 2019 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | ||
| CVE-2019-9074 | — | < 2.35-lp152.4.3.1 | 2.35-lp152.4.3.1 | Feb 24, 2019 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. |
- CVE-2021-20294Apr 29, 2021affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confid
- CVE-2021-20197Mar 26, 2021affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivi
- CVE-2021-20284Mar 26, 2021affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
- CVE-2020-35507Jan 4, 2021affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application
- CVE-2020-35496Jan 4, 2021affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw af
- CVE-2020-35493Jan 4, 2021affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.3
- CVE-2020-35448Dec 27, 2020affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.
- CVE-2020-16599Dec 9, 2020affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
- CVE-2020-16593Dec 9, 2020affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
- CVE-2020-16592Dec 9, 2020affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
- CVE-2020-16591Dec 9, 2020affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
- CVE-2020-16590Dec 9, 2020affected < 2.37-lp152.4.9.1fixed 2.37-lp152.4.9.1
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
- CVE-2019-17450Oct 10, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
- CVE-2019-17451Oct 10, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
- CVE-2019-14444Jul 30, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
- CVE-2019-14250Jul 24, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
- CVE-2019-12972Jun 26, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a
- CVE-2019-9077Feb 24, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
- CVE-2019-9075Feb 24, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
- CVE-2019-9074Feb 24, 2019affected < 2.35-lp152.4.3.1fixed 2.35-lp152.4.3.1
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.