Binutils
Sign in to watchby N/a
CVEs (17)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20294 | 0.02 | — | 0.23 | Apr 29, 2021 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. | ||
| CVE-2023-25584 | 0.00 | — | 0.00 | Sep 14, 2023 | An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. | ||
| CVE-2023-25585 | 0.00 | — | 0.00 | Sep 14, 2023 | A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. | ||
| CVE-2023-25586 | 0.00 | — | 0.00 | Sep 14, 2023 | A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. | ||
| CVE-2023-25588 | 0.00 | — | 0.00 | Sep 14, 2023 | A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. | ||
| CVE-2023-1972 | 0.00 | — | 0.00 | May 17, 2023 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | ||
| CVE-2023-1579 | 0.00 | — | 0.00 | Apr 3, 2023 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | ||
| CVE-2022-4285 | 0.00 | — | 0.00 | Jan 27, 2023 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | ||
| CVE-2021-3530 | 0.00 | — | 0.00 | Jun 2, 2021 | A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | ||
| CVE-2021-3549 | 0.00 | — | 0.00 | May 26, 2021 | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | ||
| CVE-2021-20197 | 0.00 | — | 0.00 | Mar 26, 2021 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | ||
| CVE-2021-20284 | 0.00 | — | 0.00 | Mar 26, 2021 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-35507 | 0.00 | — | 0.00 | Jan 4, 2021 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. | ||
| CVE-2020-35496 | 0.00 | — | 0.00 | Jan 4, 2021 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | ||
| CVE-2020-35495 | 0.00 | — | 0.00 | Jan 4, 2021 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | ||
| CVE-2020-35494 | 0.00 | — | 0.00 | Jan 4, 2021 | There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | ||
| CVE-2020-35493 | 0.00 | — | 0.00 | Jan 4, 2021 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. |