Vulnerabilities > GNU > Binutils

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2018-20712 Out-of-bounds Read vulnerability in GNU Binutils 2.31.1
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1.
network
low complexity
gnu CWE-125
6.5
2019-01-04 CVE-2018-20673 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.31.1
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
local
low complexity
gnu CWE-190
5.5
2019-01-04 CVE-2018-20671 Integer Overflow or Wraparound vulnerability in GNU Binutils
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
local
low complexity
gnu CWE-190
5.5
2019-01-02 CVE-2018-20657 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
network
low complexity
gnu f5 CWE-772
7.5
2019-01-01 CVE-2018-20651 NULL Pointer Dereference vulnerability in GNU Binutils 2.31.1
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1.
local
low complexity
gnu CWE-476
5.5
2018-12-31 CVE-2018-20623 Use After Free vulnerability in GNU Binutils 2.31.1
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
local
low complexity
gnu CWE-416
5.5
2018-12-20 CVE-2018-1000876 Integer Overflow or Wraparound vulnerability in multiple products
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow.
local
low complexity
gnu canonical redhat CWE-190
7.8
2018-12-10 CVE-2018-20002 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
local
low complexity
gnu netapp f5 CWE-772
5.5
2018-12-07 CVE-2018-19932 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp CWE-190
5.5
2018-12-07 CVE-2018-19931 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp canonical CWE-787
7.8