Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-05-01 CVE-2017-8393 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix.
network
low complexity
gnu CWE-125
7.5
2017-05-01 CVE-2017-8392 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function.
network
low complexity
gnu CWE-476
7.5
2017-04-14 CVE-2017-7869 Out-of-bounds Write vulnerability in GNU Gnutls
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c.
network
low complexity
gnu CWE-787
7.5
2017-04-13 CVE-2017-7853 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Osip 5.0.0
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
network
low complexity
gnu CWE-119
7.5
2017-04-13 CVE-2016-10326 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Osip 4.1.0
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
network
low complexity
gnu CWE-119
7.5
2017-04-13 CVE-2016-10325 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Osip 4.1.0
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
network
low complexity
gnu CWE-119
7.5
2017-04-13 CVE-2016-10324 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Osip 4.1.0
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
network
low complexity
gnu CWE-119
critical
9.8
2017-04-13 CVE-2015-8107 Use of Externally-Controlled Format String vulnerability in GNU A2Ps 4.14
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
local
low complexity
gnu CWE-134
7.8
2017-04-09 CVE-2017-7614 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
network
low complexity
gnu CWE-476
critical
9.8
2017-03-29 CVE-2017-7304 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it.
network
low complexity
gnu CWE-125
7.5