rpm package
suse/binutils&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (69)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7225 | Hig | 7.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 22, 2017 | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | |
| CVE-2017-7224 | Med | 5.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 22, 2017 | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. | |
| CVE-2017-7223 | Hig | 7.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 22, 2017 | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | |
| CVE-2017-7210 | Med | 5.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 21, 2017 | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. | |
| CVE-2017-7209 | Med | 5.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 21, 2017 | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. | |
| CVE-2014-9939 | Cri | 9.8 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 21, 2017 | ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. | |
| CVE-2017-6969 | Cri | 9.1 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 17, 2017 | readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. | |
| CVE-2017-6966 | Med | 5.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 17, 2017 | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. | |
| CVE-2017-6965 | Med | 5.5 | < 2.31-9.26.1 | 2.31-9.26.1 | Mar 17, 2017 | readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. |
- affected < 2.31-9.26.1fixed 2.31-9.26.1
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
- affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.
Page 4 of 4