Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-07-02 CVE-2017-10791 Integer Overflow or Wraparound vulnerability in GNU Pspp 0.10.5Pre2
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0.
network
low complexity
gnu CWE-190
6.5
2017-07-02 CVE-2017-10790 NULL Pointer Dereference vulnerability in GNU Libtasn1
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure.
network
low complexity
gnu CWE-476
7.5
2017-06-29 CVE-2017-10685 Use of Externally-Controlled Format String vulnerability in GNU Ncurses 6.0
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function.
network
low complexity
gnu CWE-134
critical
9.8
2017-06-29 CVE-2017-10684 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function.
network
low complexity
gnu CWE-119
critical
9.8
2017-06-27 CVE-2015-5180 NULL Pointer Dereference vulnerability in multiple products
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
network
low complexity
canonical gnu CWE-476
7.5
2017-06-26 CVE-2017-9955 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.
local
low complexity
gnu CWE-125
5.5
2017-06-26 CVE-2017-9954 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.
local
low complexity
gnu CWE-125
5.5
2017-06-21 CVE-2017-9778 Allocation of Resources Without Limits or Throttling vulnerability in GNU GDB
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section.
local
low complexity
gnu CWE-770
5.5
2017-06-19 CVE-2017-1000366 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.
7.8
2017-06-19 CVE-2017-9756 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
local
low complexity
gnu CWE-119
7.8