GNU
Known Exploited GNU Vulnerabilities
The following GNU vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| GNU InetUtils Argument Injection Vulnerability | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable. CVE-2026-24061. Exploit Probability: 72.5% | January 26, 2026 |
| GNU Bash OS Command Injection Vulnerability | GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. CVE-2014-6278. Exploit Probability: 90.1% | October 2, 2025 |
| GNU C Library Buffer Overflow Vulnerability | GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. CVE-2023-4911. Exploit Probability: 59.5% | November 21, 2023 |
| GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. CVE-2014-6271. Exploit Probability: 94.2% | January 28, 2022 |
| GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. CVE-2014-7169. Exploit Probability: 90.1% | January 28, 2022 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 2 known exploited GNU vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 18 vulnerabilities in GNU with an average score of 6.2 out of ten. Last year, in 2025, GNU had 90 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.69.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 18 | 6.24 |
| 2025 | 90 | 5.55 |
| 2024 | 33 | 6.68 |
| 2023 | 78 | 6.93 |
| 2022 | 51 | 7.18 |
| 2021 | 87 | 7.51 |
| 2020 | 54 | 6.38 |
| 2019 | 83 | 7.18 |
| 2018 | 77 | 6.54 |
It may take a day or so for new GNU vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNU Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-32772 | Mar 13, 2026 | **GNU Inetutils <=2.7 Telnet Read Env via NEW_ENVIRON SEND USERVAR** telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. | |
| CVE-2026-32746 | Mar 13, 2026 | **GNU inetutils telnetd OOB write via LINEMODE SLC before 2.8** telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | |
| CVE-2026-3904 | Mar 11, 2026 | **glibc 2.35-2.36 nscd crash via memcmp UB on x86_64** Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client. | |
| CVE-2025-69647 | Mar 09, 2026 | **DoS in GNU Binutils readelf via malformed DWARF loclist (2.45.1)** GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis. | |
| CVE-2025-69648 | Mar 09, 2026 | **GNU Binutils 2.45.1 readelf DoS via malformed DWARF .debug_rnglists** GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed. | |
| CVE-2025-69649 | Mar 06, 2026 | **GNU Binutils 2.46 readelf NULL Deref in display_relocations** GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed. | |
| CVE-2025-69650 | Mar 06, 2026 | **GNU Binutils <=2.46 Readelf Double-Free via GOT Relocation** GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. | |
| CVE-2025-69652 | Mar 06, 2026 | **DoS in GNU Binutils readelf 2.46 via Malformed DWARF** GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service. | |
| CVE-2025-69644 | Mar 06, 2026 | **Binutils objdump DoS via malformed DWARF before v2.46** An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file. | |
| CVE-2025-69645 | Mar 06, 2026 | **Binutils objdump DoS via malformed DWARF offset_size (2.44)** Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file. | |
| CVE-2025-69646 | Mar 06, 2026 | **Binutils 2.44 objdump Denial-of-Service via Malformed DWARF** Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis. | |
| CVE-2025-69651 | Mar 06, 2026 | **GNU Binutils <=2.46 readelf invalid pointer free leads to DOS** GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. | |
| CVE-2026-28372 | Feb 27, 2026 | **Privilege Escalation in GNU inetutils telnetd (<2.7) via systemd credentials** telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file. | |
| CVE-2025-0577 | Feb 18, 2026 | **glibc Insufficient Entropy via getrandom/arc4random After Fork** An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. | |
| CVE-2026-25869 | Feb 11, 2026 | **MiniGal Nano 0.3.5- Path Traversal via dir param in index.php** MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure. | |
| CVE-2026-25868 | Feb 11, 2026 | **MiniGal Nano 0.3.5 XSS via dir param in index.php** MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply HTML/JavaScript that is reflected in the response. Successful exploitation can lead to execution of arbitrary script in a victim's browser in the context of the vulnerable application. | |
| CVE-2025-14831 | Feb 09, 2026 | **GnuTLS DoS via oversized SANs in certificates** A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). | |
| CVE-2026-24061 | Jan 21, 2026 | **Authentication Bypass in GNU Inetutils telnetd <=2.7 via USER var** telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. | |
| CVE-2025-54770 | Nov 18, 2025 | **GRUB2 UAF in network module => DoS** A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. | |
| CVE-2025-61664 | Nov 18, 2025 | **GRUB2 Normal Module UAF Can Crash or Leak Data** A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity. | |
| CVE-2025-61663 | Nov 18, 2025 | **GRUB2: UAF in normal command leads to DoS** A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded. | |
| CVE-2025-61662 | Nov 18, 2025 | **UAF in GRUB gettext module leads to denial of service** A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | |
| CVE-2025-61661 | Nov 18, 2025 | **CVE-2025-61661: GRUB USB String Conv DoS** A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited. | |
| CVE-2025-54771 | Nov 18, 2025 | **Use-After-Free in GNU GRUB Causes DoS via Invalid File Pointer** A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | |
| CVE-2025-58183 | Oct 29, 2025 | **GNU tar 1.0: tar.Reader Sparse Region DoS via Unbounded Allocation** tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations. | |
| CVE-2025-11840 | Oct 16, 2025 | **GNU Binutils 2.45 OOB Read via vfinfo (ldmisc.c)** A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue. | |
| CVE-2025-11839 | Oct 16, 2025 | **Local Exploit: Unchecked Return in Binutils 2.45 tg_tag_type** A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. | |
| CVE-2025-11495 | Oct 08, 2025 | **Heap BOF in GNU Binutils 2.45 Linker elf_x86_64_relocate_section** A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch. | |
| CVE-2025-11494 | Oct 08, 2025 | **CVE-2025-11494: GNU Binutils 2.45 OOB Read in Linker elfxx-x86** A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue. | |
| CVE-2025-11414 | Oct 07, 2025 | **GNU Binutils 2.45 OOB Read in get_link_hash_entry (Linker)** A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component. | |
| CVE-2025-11413 | Oct 07, 2025 | **GNU Binutils 2.45 OOB Read in Linker (elf_link_add_object_symbols)** A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised. | |
| CVE-2025-11412 | Oct 07, 2025 | **GNU Binutils 2.45 Linker OOB read in bfd_elf_gc_record_vtentry** A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch. | |
| CVE-2025-11083 | Sep 27, 2025 | **GNU Binutils 2.45 Heap Buffer Overflow in elf_swap_shdr (Linker)** A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46". | |
| CVE-2025-11082 | Sep 27, 2025 | **GNU Binutils 2.45 Heap-based BO in _bfd_elf_parse_eh_frame (Linker)** A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46". | |
| CVE-2025-11081 | Sep 27, 2025 | **Binutils 2.45 OOB read in dump_dwarf_section local access** A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue. | |
| CVE-2025-59378 | Sep 15, 2025 | **Setuid Privilege Escalation in guix-daemon (GNU Guix)** In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended). | |
| CVE-2025-8735 | Aug 08, 2025 | **Null Pointer Deref in GNU cflow <1.8 via Lexer yylex** A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8736 | Aug 08, 2025 | **GNU cflow <=1.8 Buffer Overflow in Lexer (Local Buffer Overrun)** A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8733 | Aug 08, 2025 | **Reachable Assertion in GNU Bison <=3.8.2 __obstack_vprintf_internal (local host)** | |
| CVE-2025-8734 | Aug 08, 2025 | **GNU Bison 3.8.2 Double Free in code_free (Local)** | |
| CVE-2025-8225 | Jul 27, 2025 | **GNU Binutils 2.44 Mem Leak in DWARF Section Handler** A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-8224 | Jul 27, 2025 | **Local NPE in BFD Library (Binutils 2.44) via elf.c** A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-8058 | Jul 23, 2025 | **glibc Double Free in regcomp v2.4-2.41** The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. | |
| CVE-2025-7545 | Jul 13, 2025 | **Heap Buffer Overflow in GNU binutils 2.45 objcopy copy_section** A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-7546 | Jul 13, 2025 | **GNU Binutils 2.45: Out-of-Bounds Write in bfd_elf_set_group_contents (Local)** A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue. | |
| CVE-2025-24294 | Jul 12, 2025 | **DoS via Unbounded DNS Name Decompression in resolv Lib** The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. | |
| CVE-2025-45582 | Jul 11, 2025 | **GNU Tar <1.35 Directory Traversal + File Overwrite via Double Extraction** GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory. | |
| CVE-2025-32990 | Jul 10, 2025 | **GnuTLS certtool Heap OOB Null Write in Template Parsing – DoS** A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | |
| CVE-2025-32989 | Jul 10, 2025 | **GnuTLS CT SCT Heap-Buffer-Overread (CVE-2025-32989)** A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. | |
| CVE-2025-6141 | Jun 16, 2025 | **Stack Buffer Overflow in GNU ncurses 6.5-20250322 tinfo/parse_entry.c** A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | |