Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-06-19 CVE-2017-9745 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
local
low complexity
gnu CWE-119
7.8
2017-06-19 CVE-2017-9744 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
local
low complexity
gnu CWE-119
7.8
2017-06-19 CVE-2017-9743 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
local
low complexity
gnu CWE-119
7.8
2017-06-19 CVE-2017-9742 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
local
low complexity
gnu CWE-119
7.8
2017-06-16 CVE-2017-7507 NULL Pointer Dereference vulnerability in GNU Gnutls
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents.
network
low complexity
gnu CWE-476
7.5
2017-06-12 CVE-2014-9984 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
network
low complexity
gnu CWE-119
critical
9.8
2017-06-07 CVE-2016-4973 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libssp
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
local
low complexity
gnu CWE-119
7.8
2017-05-22 CVE-2017-6891 Out-of-bounds Write vulnerability in multiple products
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g.
network
low complexity
gnu debian apache CWE-787
8.8
2017-05-18 CVE-2017-9044 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-05-18 CVE-2017-9043 Improper Input Validation vulnerability in GNU Binutils 2.28
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
local
low complexity
gnu CWE-20
7.8