rpm package

suse/binutils&distro=SUSE Linux Enterprise Server 12 SP2-BCL

pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Vulnerabilities (96)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-7304	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 29, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vuln
CVE-2017-7303	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 29, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils uti
CVE-2017-7302	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 29, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability cau
CVE-2017-7301	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 29, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linke
CVE-2017-7300	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 29, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loadin
CVE-2017-7299	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 29, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF rel
CVE-2017-7226	Cri	9.1	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several ut
CVE-2017-7225	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVE-2017-7224	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVE-2017-7223	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Mar 22, 2017	GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVE-2017-7210	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 21, 2017	objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-7209	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 21, 2017	The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVE-2014-9939	Cri	9.8	< 2.31-9.26.1	2.31-9.26.1	Mar 21, 2017	ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVE-2017-6969	Cri	9.1	< 2.31-9.26.1	2.31-9.26.1	Mar 17, 2017	readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
CVE-2017-6966	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 17, 2017	readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
CVE-2017-6965	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Mar 17, 2017	readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

CVE-2017-7304HigMar 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vuln
CVE-2017-7303HigMar 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils uti
CVE-2017-7302HigMar 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability cau
CVE-2017-7301HigMar 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linke
CVE-2017-7300HigMar 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loadin
CVE-2017-7299MedMar 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF rel
CVE-2017-7226CriMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several ut
CVE-2017-7225HigMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVE-2017-7224MedMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVE-2017-7223HigMar 22, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVE-2017-7210MedMar 21, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-7209MedMar 21, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVE-2014-9939CriMar 21, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVE-2017-6969CriMar 17, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
CVE-2017-6966MedMar 17, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
CVE-2017-6965MedMar 17, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

Page 5 of 5