GNU

Products by GNU Sorted by Most Security Vulnerabilities since 2018

GNU Binutils: 123 vulnerabilities

GNU Libredwg: 83 vulnerabilities

GNU Glibc: 82 vulnerabilities

GNU Grub2: 39 vulnerabilities

Gnutls: 26 vulnerabilities

GNU Ncurses: 24 vulnerabilities

GNU Mailman: 16 vulnerabilities

GNU Gcc: 10 vulnerabilities

GNU Adns: 8 vulnerabilities

GNU Emacs: 8 vulnerabilities

GNU Wget: 8 vulnerabilities

GNU Bash: 7 vulnerabilities

GNU Tar: 7 vulnerabilities

GNU Cpio: 5 vulnerabilities

GNU Grub: 5 vulnerabilities

GNU Inetutils: 5 vulnerabilities

GNU Gdb: 5 vulnerabilities

GNU Screen: 5 vulnerabilities

GNU Cflow: 4 vulnerabilities

GNU Gzip: 3 vulnerabilities

GNU Coreutils: 3 vulnerabilities

GNU Libmicrohttpd: 2 vulnerabilities

GNU Indent: 2 vulnerabilities

GNU Less: 2 vulnerabilities

GNU Eglibc: 2 vulnerabilities

GNU Nano: 1 vulnerability

GNU Gawk: 1 vulnerability

GNU Org Mode: 1 vulnerability

GNU Privacy Guard: 1 vulnerability

GNU Cvs: 1 vulnerability

GNU Bison: 1 vulnerability

GNU Automake: 1 vulnerability

GNU Gpgme: 1 vulnerability

GNU Libiberty: 1 vulnerability

GNU Gnash: 1 vulnerability

Gnu Scientific Library: 1 vulnerability

GNU Grub 2: 1 vulnerability

Known Exploited GNU Vulnerabilities

The following GNU vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

GNU C Library Buffer Overflow Vulnerability

CVE-2023-4911 - Exploit Probability: 74.1% - Added November 21, 2023

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

CVE-2014-6271 - Exploit Probability: 94.2% - Added January 28, 2022

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

CVE-2014-7169 - Exploit Probability: 89.0% - Added January 28, 2022

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271.

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2023-4911: GNU C Library Buffer Overflow Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 15 vulnerabilities in GNU with an average score of 5.4 out of ten. Last year, in 2024, GNU had 17 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in GNU in 2025 could surpass last year's number. Last year, the average CVE base score was greater by 1.15.

Year Vulnerabilities Average Score
2025 15 5.41
2024 17 6.56
2023 78 6.89
2022 45 7.15
2021 87 7.47
2020 54 7.11
2019 80 7.05
2018 76 6.64

It may take a day or so for new GNU vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GNU Security Vulnerabilities

A flaw was found in grub2

CVE-2025-0678 7.8 - High - March 03, 2025

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.

Integer Overflow or Wraparound

A flaw was found in the HFS filesystem

CVE-2024-45782 7.8 - High - March 03, 2025

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may lead to a heap-based out-of-bounds write, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.

Memory Corruption

A stack overflow flaw was found when reading a BFS file system

CVE-2024-45778 5.5 - Medium - March 03, 2025

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

Integer Overflow or Wraparound

A flaw was found in grub2

CVE-2024-45780 6.7 - Medium - March 03, 2025

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

Memory Corruption

An integer overflow flaw was found in the BFS file system driver in grub2

CVE-2024-45779 6 - Medium - March 03, 2025

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap out-of-bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.

Integer Overflow or Wraparound

A vulnerability was found in GNU Binutils 2.43

CVE-2025-1179 7.5 - High - February 11, 2025

A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".

Buffer Overflow

A vulnerability was found in GNU Binutils 2.43 and classified as critical

CVE-2025-1176 5 - Medium - February 11, 2025

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.

Buffer Overflow

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44

CVE-2025-1153 5.9 - Medium - February 10, 2025

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.

Buffer Overflow

A vulnerability classified as problematic has been found in GNU Binutils 2.43

CVE-2025-1152 3.7 - Low - February 10, 2025

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Improper Resource Shutdown or Release

A vulnerability was found in GNU Binutils 2.43

CVE-2025-1151 3.1 - Low - February 10, 2025

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Improper Resource Shutdown or Release

A vulnerability was found in GNU Binutils 2.43

CVE-2025-1150 3.1 - Low - February 10, 2025

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Improper Resource Shutdown or Release

A vulnerability was found in GNU Binutils 2.43

CVE-2025-1149 3.1 - Low - February 10, 2025

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Improper Resource Shutdown or Release

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic

CVE-2025-1147 5.3 - Medium - February 10, 2025

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in GNU Binutils 2.43 and classified as problematic

CVE-2025-1148 3.1 - Low - February 10, 2025

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Improper Resource Shutdown or Release

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43

CVE-2025-0840 7.5 - High - January 29, 2025

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Buffer Overflow

GRUB2 Side-Channel Attack Vulnerability in grub_crypto_memcmp

CVE-2024-56738 - December 29, 2024

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

GNU GRUB2 HFS Filesystem Heap-based Buffer Overflow Vulnerability

CVE-2024-56737 - December 29, 2024

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

GNU Emacs elisp-mode Unsafe Macro Expansion Code Execution Vulnerability

CVE-2024-53920 - November 27, 2024

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Wget Arbitrary Host Access Vulnerability via Shorthand URL Credential Injection

CVE-2024-10524 - November 19, 2024

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

SSRF

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data

CVE-2024-38428 9.1 - Critical - June 16, 2024

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Interpretation Conflict

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file

CVE-2024-5742 6.7 - Medium - June 12, 2024

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

insecure temporary file

A flaw was found in the grub2-set-bootflag utility of grub2

CVE-2024-1048 3.3 - Low - February 06, 2024

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.

Insufficient Cleanup

A flaw was found in indent, a program for formatting C code

CVE-2024-0911 5.5 - Medium - February 06, 2024

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

Memory Corruption

A flaw was found in the GNU coreutils "split" program

CVE-2024-0684 5.5 - Medium - February 06, 2024

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Memory Corruption

A path traversal vulnerability was found in the CPIO utility

CVE-2023-7216 5.3 - Medium - February 05, 2024

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.

Directory traversal

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library

CVE-2023-6246 7.8 - High - January 31, 2024

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Memory Corruption

An integer overflow was found in the __vsyslog_internal function of the glibc library

CVE-2023-6780 5.3 - Medium - January 31, 2024

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Incorrect Calculation of Buffer Size

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library

CVE-2023-6779 7.5 - High - January 31, 2024

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Memory Corruption

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust

CVE-2024-0567 7.5 - High - January 16, 2024

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Improper Verification of Cryptographic Signature

A vulnerability was found in GnuTLS

CVE-2024-0553 7.5 - High - January 16, 2024

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Side Channel Attack

An authentication bypass flaw was found in GRUB due to the way

CVE-2023-4001 6.8 - Medium - January 15, 2024

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Authentication Bypass by Spoofing

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

CVE-2023-26157 7.5 - High - January 02, 2024

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

Out-of-bounds Read

A vulnerability was found

CVE-2023-5981 5.9 - Medium - November 28, 2023

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Side Channel Attack

An attacker with local access to a system (either through a disk or external drive)

CVE-2023-4949 6.7 - Medium - November 10, 2023

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation.

Memory Corruption

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver

CVE-2023-4693 4.6 - Medium - October 25, 2023

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

Out-of-bounds Read

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver

CVE-2023-4692 7.8 - High - October 25, 2023

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Memory Corruption

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable

CVE-2023-4911 7.8 - High - October 03, 2023

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Memory Corruption

A heap out-of-bounds read flaw was found in builtin.c in the gawk package

CVE-2023-4156 7.1 - High - September 25, 2023

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

Out-of-bounds Read

A flaw was found in the GNU C Library

CVE-2023-5156 7.5 - High - September 25, 2023

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Memory Leak

A flaw was found in glibc

CVE-2023-4527 6.5 - Medium - September 18, 2023

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Out-of-bounds Read

A flaw was found in glibc

CVE-2023-4806 5.9 - Medium - September 18, 2023

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Dangling pointer

A flaw was found in Binutils

CVE-2023-25588 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

Use of Uninitialized Resource

A flaw was found in Binutils

CVE-2023-25586 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

Use of Uninitialized Resource

A flaw was found in Binutils

CVE-2023-25585 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Use of Uninitialized Resource

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVE-2023-25584 7.1 - High - September 14, 2023

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

Out-of-bounds Read

**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains

CVE-2023-4039 4.8 - Medium - September 13, 2023

**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

A flaw was found in glibc

CVE-2023-4813 5.9 - Medium - September 12, 2023

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Dangling pointer

An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38

CVE-2022-47011 5.5 - Medium - August 22, 2023

An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered in Binutils addr2line before 2.39.3: function parse_module contains multiple out-of-bounds reads

CVE-2022-47673 7.8 - High - August 22, 2023

An issue was discovered in Binutils addr2line before 2.39.3: function parse_module contains multiple out-of-bounds reads, which may cause a denial of service or other unspecified impacts.

Out-of-bounds Read

An issue was discovered in Binutils objdump before 2.39.3

CVE-2022-47695 7.8 - High - August 22, 2023

An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

An issue was discovered in Binutils objdump before 2.39.3

CVE-2022-47696 7.8 - High - August 22, 2023

An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability

CVE-2022-48063 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Resource Exhaustion

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability

CVE-2022-48064 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Allocation of Resources Without Limits or Throttling

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.

CVE-2022-48065 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.

Memory Leak

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could

CVE-2020-35342 7.5 - High - August 22, 2023

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

Improper Initialization

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

CVE-2021-46174 7.5 - High - August 22, 2023

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Memory Corruption

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1

CVE-2020-19188 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1

CVE-2020-19189 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1

CVE-2020-19190 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Memory Corruption

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34

CVE-2020-19724 5.5 - Medium - August 22, 2023

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via a crafted command.

Memory Leak

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data

CVE-2020-19726 8.8 - High - August 22, 2023

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service.

An issue was discovered in GNU Binutils 2.34

CVE-2020-21490 5.5 - Medium - August 22, 2023

An issue was discovered in GNU Binutils 2.34. It is a memory leak when processing microblaze-dis.c. This one will consume memory on each insn disassembled.

Memory Leak

An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38

CVE-2022-47010 5.5 - Medium - August 22, 2023

An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38

CVE-2022-47008 5.5 - Medium - August 22, 2023

An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38

CVE-2022-47007 5.5 - Medium - August 22, 2023

An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

Heap buffer overflow vulnerability in binutils readelf before 2.40

CVE-2022-45703 7.8 - High - August 22, 2023

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Memory Corruption

Heap buffer overflow vulnerability in binutils readelf before 2.40

CVE-2022-44840 7.8 - High - August 22, 2023

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Memory Corruption

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library)

CVE-2020-35357 6.5 - Medium - August 22, 2023

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.

Classic Buffer Overflow

Null pointer dereference vulnerability in Binutils readelf 2.38.50

CVE-2022-35206 5.5 - Medium - August 22, 2023

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

NULL Pointer Dereference

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names

CVE-2022-35205 5.5 - Medium - August 22, 2023

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

assertion failure

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1

CVE-2020-19185 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command.

Memory Corruption

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1

CVE-2020-19186 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command.

Memory Corruption

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1

CVE-2020-19187 6.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command.

Memory Corruption

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c

CVE-2023-40305 5.5 - Medium - August 14, 2023

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

Memory Corruption

GNU inetutils before 2.5 may

CVE-2023-40303 7.8 - High - August 14, 2023

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

Unchecked Return Value

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow

CVE-2023-39128 5.5 - Medium - July 25, 2023

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

Memory Corruption

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free

CVE-2023-39129 5.5 - Medium - July 25, 2023

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

Dangling pointer

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow

CVE-2023-39130 5.5 - Medium - July 25, 2023

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

Memory Corruption

Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet

CVE-2022-28733 8.1 - High - July 20, 2023

Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.

Integer underflow

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers

CVE-2022-28734 7 - High - July 20, 2023

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.

Memory Corruption

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems

CVE-2022-28735 7.8 - High - July 20, 2023

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust-chain.

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems

CVE-2022-28736 7.8 - High - July 20, 2023

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.

Dangling pointer

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36

CVE-2021-32256 6.5 - Medium - July 18, 2023

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Memory Corruption

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might

CVE-2015-20109 5.5 - Medium - June 25, 2023

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.

Classic Buffer Overflow

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36271 8.8 - High - June 23, 2023

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

Memory Corruption

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36272 8.8 - High - June 23, 2023

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36273 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

Memory Corruption

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36274 8.8 - High - June 23, 2023

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

Memory Corruption

A vulnerability was found in GNU cflow 1.7

CVE-2023-2789 7.5 - High - May 18, 2023

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Improper Resource Shutdown or Release

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c

CVE-2023-1972 6.5 - Medium - May 17, 2023

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Memory Corruption

A flaw was found in the Emacs text editor

CVE-2023-2491 7.8 - High - May 17, 2023

A flaw was found in the Emacs text editor. Processing specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Command Injection

An issue was discovered in Mailman Core before 3.3.5

CVE-2021-34337 6.3 - Medium - April 15, 2023

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file

CVE-2023-29491 7.8 - High - April 14, 2023

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Memory Corruption

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD)

CVE-2023-24626 6.5 - Medium - April 08, 2023

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

CVE-2023-1579 7.8 - High - April 03, 2023

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

Memory Corruption

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name

CVE-2023-28617 7.8 - High - March 19, 2023

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

Shell injection

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI

CVE-2023-27985 7.8 - High - March 09, 2023

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90.

Shell injection

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters

CVE-2023-27986 7.8 - High - March 09, 2023

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.

Code Injection

A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5

CVE-2023-25222 8.8 - High - March 01, 2023

A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

Memory Corruption

GNU libmicrohttpd before 0.9.76

CVE-2023-27371 5.9 - Medium - February 28, 2023

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Out-of-bounds Read

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).