rpm package

suse/binutils&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Vulnerabilities (37)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-25585	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Sep 14, 2023	A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CVE-2023-25588	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Sep 14, 2023	A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CVE-2022-48065	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2022-48064	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48063	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-47696	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVE-2022-47695	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
CVE-2022-47673	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
CVE-2022-45703	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVE-2022-44840	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVE-2022-35206	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
CVE-2022-35205	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
CVE-2020-19726	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Aug 22, 2023	An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
CVE-2021-32256	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Jul 18, 2023	An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
CVE-2023-1972	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	May 17, 2023	A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-1579	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Apr 3, 2023	Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVE-2023-0687	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Feb 6, 2023	A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix thi
CVE-2022-4285	—	< 2.41-150100.7.46.1	2.41-150100.7.46.1	Jan 27, 2023	An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVE-2021-3826	—	< 2.39-150100.7.40.1	2.39-150100.7.40.1	Sep 1, 2022	Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVE-2022-38533	—	< 2.39-150100.7.40.1	2.39-150100.7.40.1	Aug 25, 2022	In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

CVE-2023-25585Sep 14, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CVE-2023-25588Sep 14, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CVE-2022-48065Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2022-48064Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48063Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-47696Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVE-2022-47695Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
CVE-2022-47673Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
CVE-2022-45703Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVE-2022-44840Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVE-2022-35206Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
CVE-2022-35205Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
CVE-2020-19726Aug 22, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
CVE-2021-32256Jul 18, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
CVE-2023-1972May 17, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-1579Apr 3, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVE-2023-0687Feb 6, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix thi
CVE-2022-4285Jan 27, 2023
affected < 2.41-150100.7.46.1fixed 2.41-150100.7.46.1
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVE-2021-3826Sep 1, 2022
affected < 2.39-150100.7.40.1fixed 2.39-150100.7.40.1
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
CVE-2022-38533Aug 25, 2022
affected < 2.39-150100.7.40.1fixed 2.39-150100.7.40.1
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Page 1 of 2