Binutils
by GNU
Source repositories
CVEs (273)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-47696 | 0.00 | — | 0.00 | Aug 22, 2023 | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | |||
| CVE-2020-21490 | 0.00 | — | 0.00 | Aug 22, 2023 | An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. | |||
| CVE-2022-47008 | 0.00 | — | 0.00 | Aug 22, 2023 | An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||
| CVE-2022-48064 | 0.00 | — | 0.01 | Aug 22, 2023 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | |||
| CVE-2022-47010 | 0.00 | — | 0.00 | Aug 22, 2023 | An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||
| CVE-2022-48065 | 0.00 | — | 0.01 | Aug 22, 2023 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | |||
| CVE-2021-46174 | 0.00 | — | 0.01 | Aug 22, 2023 | Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. | |||
| CVE-2022-35205 | 0.00 | — | 0.00 | Aug 22, 2023 | An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. | |||
| CVE-2020-35342 | 0.00 | — | 0.01 | Aug 22, 2023 | GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | |||
| CVE-2021-32256 | 0.00 | — | 0.01 | Jul 18, 2023 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. | |||
| CVE-2023-1972 | 0.00 | — | 0.01 | May 17, 2023 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | |||
| CVE-2023-1579 | 0.00 | — | 0.00 | Apr 3, 2023 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | |||
| CVE-2022-4285 | 0.00 | — | 0.00 | Jan 27, 2023 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||
| CVE-2022-38533 | 0.00 | — | 0.00 | Aug 25, 2022 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | |||
| CVE-2021-45078 | 0.00 | — | 0.01 | Dec 15, 2021 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix… | |||
| CVE-2021-3530 | 0.00 | — | 0.02 | Jun 2, 2021 | A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. | |||
| CVE-2021-3549 | 0.00 | — | 0.01 | May 26, 2021 | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this… | |||
| CVE-2021-20294 | 0.00 | — | 0.03 | Apr 29, 2021 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to… | |||
| CVE-2021-20197 | 0.00 | — | 0.00 | Mar 26, 2021 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an… | |||
| CVE-2021-20284 | 0.00 | — | 0.01 | Mar 26, 2021 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. |
- CVE-2022-47696Aug 22, 2023risk 0.00cvss —epss 0.00
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
- CVE-2020-21490Aug 22, 2023risk 0.00cvss —epss 0.00
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
- CVE-2022-47008Aug 22, 2023risk 0.00cvss —epss 0.00
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
- CVE-2022-48064Aug 22, 2023risk 0.00cvss —epss 0.01
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
- CVE-2022-47010Aug 22, 2023risk 0.00cvss —epss 0.00
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
- CVE-2022-48065Aug 22, 2023risk 0.00cvss —epss 0.01
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
- CVE-2021-46174Aug 22, 2023risk 0.00cvss —epss 0.01
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
- CVE-2022-35205Aug 22, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
- CVE-2020-35342Aug 22, 2023risk 0.00cvss —epss 0.01
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
- CVE-2021-32256Jul 18, 2023risk 0.00cvss —epss 0.01
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
- CVE-2023-1972May 17, 2023risk 0.00cvss —epss 0.01
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
- CVE-2023-1579Apr 3, 2023risk 0.00cvss —epss 0.00
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
- CVE-2022-4285Jan 27, 2023risk 0.00cvss —epss 0.00
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
- CVE-2022-38533Aug 25, 2022risk 0.00cvss —epss 0.00
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
- CVE-2021-45078Dec 15, 2021risk 0.00cvss —epss 0.01
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix…
- CVE-2021-3530Jun 2, 2021risk 0.00cvss —epss 0.02
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
- CVE-2021-3549May 26, 2021risk 0.00cvss —epss 0.01
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this…
- CVE-2021-20294Apr 29, 2021risk 0.00cvss —epss 0.03
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to…
- CVE-2021-20197Mar 26, 2021risk 0.00cvss —epss 0.00
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an…
- CVE-2021-20284Mar 26, 2021risk 0.00cvss —epss 0.01
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
Page 11 of 14