Vulnerabilities > GNU > Binutils

DATE CVE VULNERABILITY TITLE RISK
2017-05-01 CVE-2017-8395 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function.
network
low complexity
gnu CWE-476
7.5
2017-05-01 CVE-2017-8394 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section.
network
low complexity
gnu CWE-476
7.5
2017-05-01 CVE-2017-8393 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix.
network
low complexity
gnu CWE-125
7.5
2017-05-01 CVE-2017-8392 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function.
network
low complexity
gnu CWE-476
7.5
2017-04-09 CVE-2017-7614 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
network
low complexity
gnu CWE-476
critical
9.8
2017-03-29 CVE-2017-7304 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it.
network
low complexity
gnu CWE-125
7.5
2017-03-29 CVE-2017-7303 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them.
network
low complexity
gnu CWE-125
7.5
2017-03-29 CVE-2017-7302 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised.
network
low complexity
gnu CWE-125
7.5
2017-03-29 CVE-2017-7301 Improper Input Validation vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset.
network
low complexity
gnu CWE-20
7.5
2017-03-29 CVE-2017-7300 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
network
low complexity
gnu CWE-125
7.5