Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-03-24 CVE-2017-5335 Out-of-bounds Read vulnerability in multiple products
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
network
low complexity
opensuse gnu CWE-125
7.5
2017-03-24 CVE-2017-5334 Double Free vulnerability in multiple products
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
network
low complexity
opensuse gnu CWE-415
critical
9.8
2017-03-22 CVE-2017-7227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash.
network
low complexity
gnu CWE-119
7.5
2017-03-22 CVE-2017-7226 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings.
network
low complexity
gnu CWE-125
critical
9.1
2017-03-22 CVE-2017-7225 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
network
low complexity
gnu CWE-476
7.5
2017-03-22 CVE-2017-7224 Out-of-bounds Write vulnerability in GNU Binutils 2.28
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
local
low complexity
gnu CWE-787
5.5
2017-03-22 CVE-2017-7223 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
network
low complexity
gnu CWE-119
7.5
2017-03-21 CVE-2017-7210 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
local
low complexity
gnu CWE-119
5.5
2017-03-21 CVE-2017-7209 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
local
low complexity
gnu CWE-476
5.5
2017-03-21 CVE-2014-9939 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
network
low complexity
gnu CWE-119
critical
9.8