Vulnerabilities > GNU > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-02 | CVE-2017-8421 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Binutils 2.28 The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. | 5.5 |
| 2017-03-29 | CVE-2017-7299 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. | 5.5 |
| 2017-03-22 | CVE-2017-7224 | Out-of-bounds Write vulnerability in GNU Binutils 2.28 The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. | 5.5 |
| 2017-03-21 | CVE-2017-7210 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. | 5.5 |
| 2017-03-21 | CVE-2017-7209 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. | 5.5 |
| 2017-03-20 | CVE-2015-8985 | Data Processing Errors vulnerability in GNU Glibc 2.0.1 The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | 5.9 |
| 2017-03-20 | CVE-2015-8984 | Out-of-bounds Read vulnerability in GNU Glibc The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. | 5.9 |
| 2017-03-17 | CVE-2017-6966 | Use After Free vulnerability in GNU Binutils 2.28 readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. | 5.5 |
| 2017-03-17 | CVE-2017-6965 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. | 5.5 |
| 2017-03-07 | CVE-2017-6508 | CRLF Injection vulnerability in GNU Wget CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | 6.1 |