Vulnerabilities > GNU > Binutils > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-24 | CVE-2019-9073 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. | 4.3 |
| 2019-02-24 | CVE-2019-9072 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. | 4.3 |
| 2019-02-24 | CVE-2019-9071 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. | 4.3 |
| 2019-01-15 | CVE-2018-20712 | Out-of-bounds Read vulnerability in GNU Binutils 2.31.1 A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. | 4.3 |
| 2019-01-04 | CVE-2018-20673 | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.31.1 The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. | 4.3 |
| 2019-01-04 | CVE-2018-20671 | Integer Overflow or Wraparound vulnerability in GNU Binutils load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. | 5.5 |
| 2019-01-02 | CVE-2018-20657 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | 5.0 |
| 2019-01-01 | CVE-2018-20651 | NULL Pointer Dereference vulnerability in GNU Binutils 2.31.1 A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. | 5.5 |
| 2018-12-31 | CVE-2018-20623 | Use After Free vulnerability in GNU Binutils 2.31.1 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. | 4.3 |
| 2018-12-10 | CVE-2018-20002 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. | 5.5 |