Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-20002 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
local
low complexity
gnu netapp f5 CWE-772
5.5
5.5
2018-12-07 CVE-2018-19932 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp CWE-190
5.5
5.5
2018-12-07 CVE-2018-19931 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31.
local
low complexity
gnu netapp canonical CWE-787
7.8
7.8
2018-12-04 CVE-2018-19591 Improper Input Validation vulnerability in multiple products
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed.
network
low complexity
gnu fedoraproject CWE-20
7.5
7.5
2018-12-03 CVE-2018-16868 Information Exposure Through Discrepancy vulnerability in GNU Gnutls
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data.
high complexity
gnu CWE-203
5.6
5.6
2018-11-12 CVE-2018-19217 NULL Pointer Dereference vulnerability in GNU Ncurses 6.1
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack.
network
low complexity
gnu CWE-476
6.5
6.5
2018-11-12 CVE-2018-19211 NULL Pointer Dereference vulnerability in GNU Ncurses 6.1
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack.
network
gnu CWE-476
4.3
4.3
2018-10-29 CVE-2018-18751 Double Free vulnerability in multiple products
An issue was discovered in GNU gettext 0.19.8.
network
low complexity
gnu canonical redhat CWE-415
7.5
7.5
2018-10-29 CVE-2018-18701 Infinite Loop vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
network
gnu CWE-835
4.3
4.3
2018-10-29 CVE-2018-18700 Infinite Loop vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
network
gnu CWE-835
4.3
4.3