Vulnerabilities > GNU > Binutils > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-20197 | Link Following vulnerability in multiple products There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. | 6.3 |
| 2021-01-04 | CVE-2020-35507 | NULL Pointer Dereference vulnerability in multiple products There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. | 5.5 |
| 2021-01-04 | CVE-2020-35496 | NULL Pointer Dereference vulnerability in multiple products There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. | 5.5 |
| 2021-01-04 | CVE-2020-35495 | NULL Pointer Dereference vulnerability in multiple products There's a flaw in binutils /bfd/pef.c. | 5.5 |
| 2021-01-04 | CVE-2020-35494 | Use of Uninitialized Resource vulnerability in multiple products There's a flaw in binutils /opcodes/tic4x-dis.c. | 6.1 |
| 2021-01-04 | CVE-2020-35493 | Improper Input Validation vulnerability in multiple products A flaw exists in binutils in bfd/pef.c. | 5.5 |
| 2020-12-09 | CVE-2020-16599 | NULL Pointer Dereference vulnerability in multiple products A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | 5.5 |
| 2020-12-09 | CVE-2020-16593 | NULL Pointer Dereference vulnerability in multiple products A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. | 5.5 |
| 2020-12-09 | CVE-2020-16592 | Use After Free vulnerability in multiple products A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | 5.5 |
| 2020-12-09 | CVE-2020-16591 | Out-of-bounds Read vulnerability in multiple products A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. | 5.5 |