Vulnerabilities > GNU > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-29 CVE-2017-7301 Improper Input Validation vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset.
network
low complexity
gnu CWE-20
7.5
2017-03-29 CVE-2017-7300 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
network
low complexity
gnu CWE-125
7.5
2017-03-27 CVE-2017-5932 Improper Input Validation vulnerability in GNU Bash 4.4
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
local
low complexity
gnu CWE-20
7.8
2017-03-24 CVE-2017-5335 Out-of-bounds Read vulnerability in multiple products
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
network
low complexity
opensuse gnu CWE-125
7.5
2017-03-22 CVE-2017-7227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash.
network
low complexity
gnu CWE-119
7.5
2017-03-22 CVE-2017-7225 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
network
low complexity
gnu CWE-476
7.5
2017-03-22 CVE-2017-7223 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
network
low complexity
gnu CWE-119
7.5
2017-03-20 CVE-2017-5618 Incorrect Authorization vulnerability in GNU Screen
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
local
low complexity
gnu CWE-863
7.8
2017-03-20 CVE-2015-8983 Integer Overflow or Wraparound vulnerability in GNU Glibc
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
network
high complexity
gnu CWE-190
8.1
2017-03-15 CVE-2015-8982 Integer Overflow or Wraparound vulnerability in GNU Glibc
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
network
high complexity
gnu CWE-190
8.1