rpm package
suse/binutils&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
Vulnerabilities (57)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14974 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Oct 2, 2017 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and a | |
| CVE-2017-14745 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 26, 2017 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and a | |
| CVE-2017-14729 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 25, 2017 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio | |
| CVE-2017-14529 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 18, 2017 | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application cra | |
| CVE-2017-14333 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 12, 2017 | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_ne | |
| CVE-2017-14130 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 4, 2017 | The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a | |
| CVE-2017-14129 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 4, 2017 | The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. | |
| CVE-2017-14128 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Sep 4, 2017 | The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. | |
| CVE-2017-13757 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to el | |
| CVE-2017-12799 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 10, 2017 | The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. | |
| CVE-2017-12456 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 4, 2017 | The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. | |
| CVE-2017-12454 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 4, 2017 | The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. | |
| CVE-2017-12453 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 4, 2017 | The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. | |
| CVE-2017-12452 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 4, 2017 | The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. | |
| CVE-2017-12450 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 4, 2017 | The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha f | |
| CVE-2017-12448 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Aug 4, 2017 | The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. Thi | |
| CVE-2017-9955 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Jun 26, 2017 | The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size | |
| CVE-2017-9954 | Med | 5.5 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Jun 26, 2017 | The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by | |
| CVE-2017-9756 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Jun 19, 2017 | The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of | |
| CVE-2017-9755 | Hig | 7.8 | < 2.29.1-9.20.2 | 2.29.1-9.20.2 | Jun 19, 2017 | opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated |
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and a
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and a
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application cra
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_ne
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to el
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha f
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. Thi
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of
- affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2
opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated
Page 1 of 3