Vulnerabilities > GNU > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-22 CVE-2017-7224 Out-of-bounds Write vulnerability in GNU Binutils 2.28
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
local
low complexity
gnu CWE-787
5.5
2017-03-21 CVE-2017-7210 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
local
low complexity
gnu CWE-119
5.5
2017-03-21 CVE-2017-7209 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
local
low complexity
gnu CWE-476
5.5
2017-03-20 CVE-2015-8985 Data Processing Errors vulnerability in GNU Glibc
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
network
high complexity
gnu CWE-19
5.9
2017-03-20 CVE-2015-8984 Out-of-bounds Read vulnerability in GNU Glibc
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
network
high complexity
gnu CWE-125
5.9
2017-03-17 CVE-2017-6966 Use After Free vulnerability in GNU Binutils 2.28
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary.
local
low complexity
gnu CWE-416
5.5
2017-03-17 CVE-2017-6965 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.
local
low complexity
gnu CWE-119
5.5
2017-03-07 CVE-2017-6508 CRLF Injection vulnerability in GNU Wget
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
network
low complexity
gnu CWE-93
6.1
2017-03-02 CVE-2016-10228 Improper Input Validation vulnerability in GNU Glibc
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
network
high complexity
gnu CWE-20
5.9
2017-02-24 CVE-2016-4493 Out-of-bounds Read vulnerability in GNU Libiberty
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
local
low complexity
gnu CWE-125
5.5