Vulnerabilities > GNU > Binutils > 2.28
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-18 | CVE-2017-9039 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | 5.5 |
| 2017-05-18 | CVE-2017-9038 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | 5.5 |
| 2017-05-02 | CVE-2017-8421 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Binutils 2.28 The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. | 7.1 |
| 2017-05-01 | CVE-2017-8398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. | 5.0 |
| 2017-05-01 | CVE-2017-8397 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. | 5.0 |
| 2017-05-01 | CVE-2017-8396 | Improper Input Validation vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. | 5.0 |
| 2017-05-01 | CVE-2017-8395 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. | 5.0 |
| 2017-05-01 | CVE-2017-8394 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. | 5.0 |
| 2017-05-01 | CVE-2017-8393 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. | 5.0 |
| 2017-05-01 | CVE-2017-8392 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. | 5.0 |