rpm package

suse/binutils&distro=SUSE Enterprise Storage 4

pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%204

Vulnerabilities (69)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-7225	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVE-2017-7224	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVE-2017-7223	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVE-2017-7210	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 21, 2017	objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-7209	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 21, 2017	The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVE-2014-9939	Cri	9.8	< 2.31-9.26.1	2.31-9.26.1	Mar 21, 2017	ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVE-2017-6969	Cri	9.1	< 2.31-9.26.1	2.31-9.26.1	Mar 17, 2017	readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
CVE-2017-6966	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 17, 2017	readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
CVE-2017-6965	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 17, 2017	readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

CVE-2017-7225HigMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVE-2017-7224MedMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVE-2017-7223HigMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVE-2017-7210MedMar 21, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-7209MedMar 21, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVE-2014-9939CriMar 21, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVE-2017-6969CriMar 17, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
CVE-2017-6966MedMar 17, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
CVE-2017-6965MedMar 17, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

Page 4 of 4