Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-08-04 CVE-2017-12452 Out-of-bounds Read vulnerability in GNU Binutils
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
local
low complexity
gnu CWE-125
7.8
2017-08-04 CVE-2017-12451 Out-of-bounds Read vulnerability in GNU Binutils
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
local
low complexity
gnu CWE-125
7.8
2017-08-04 CVE-2017-12450 Out-of-bounds Write vulnerability in GNU Binutils
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
local
low complexity
gnu CWE-787
7.8
2017-08-04 CVE-2017-12449 Out-of-bounds Read vulnerability in GNU Binutils
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
local
low complexity
gnu CWE-125
7.8
2017-08-04 CVE-2017-12448 Use After Free vulnerability in GNU Binutils
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file.
local
low complexity
gnu CWE-416
7.8
2017-08-01 CVE-2017-12132 Allocation of Resources Without Limits or Throttling vulnerability in GNU Glibc
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
network
high complexity
gnu CWE-770
5.9
2017-07-26 CVE-2017-11671 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported.
local
low complexity
gnu CWE-338
4.0
2017-07-08 CVE-2017-11113 NULL Pointer Dereference vulnerability in GNU Ncurses 6.0
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c.
network
low complexity
gnu CWE-476
7.5
2017-07-08 CVE-2017-11112 Improper Input Validation vulnerability in GNU Ncurses 6.0
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c.
network
low complexity
gnu CWE-20
7.5
2017-07-02 CVE-2017-10792 NULL Pointer Dereference vulnerability in GNU Pspp 0.10.5Pre2
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0.
network
low complexity
gnu CWE-476
6.5