Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2018-10-29 CVE-2018-18701 Infinite Loop vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-835
5.5
2018-10-29 CVE-2018-18700 Infinite Loop vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-835
5.5
2018-10-23 CVE-2018-18607 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu debian netapp CWE-476
5.5
2018-10-23 CVE-2018-18606 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu debian netapp CWE-476
5.5
2018-10-23 CVE-2018-18605 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize.
local
low complexity
gnu debian netapp CWE-125
5.5
2018-10-18 CVE-2018-18484 Uncontrolled Recursion vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-674
5.5
2018-10-18 CVE-2018-18483 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.31
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
local
low complexity
gnu CWE-190
7.8
2018-10-15 CVE-2018-18309 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.31
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-119
5.5
2018-10-04 CVE-2018-17985 Resource Exhaustion vulnerability in GNU Binutils 2.31
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.
local
low complexity
gnu CWE-400
5.5
2018-10-03 CVE-2018-17942 Out-of-bounds Write vulnerability in GNU Gnulib
The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
network
low complexity
gnu CWE-787
8.8