GNU Binutils
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in GNU Binutils.
By the Year
In 2026 there have been 9 vulnerabilities in GNU Binutils with an average score of 5.9 out of ten. Last year, in 2025 Binutils had 32 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Binutils in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.27.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 9 | 5.90 |
| 2025 | 32 | 4.63 |
| 2024 | 0 | 0.00 |
| 2023 | 27 | 6.36 |
| 2022 | 1 | 5.50 |
| 2021 | 13 | 6.46 |
| 2020 | 6 | 3.30 |
| 2019 | 19 | 5.50 |
| 2018 | 41 | 6.37 |
It may take a day or so for new Binutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Binutils Security Vulnerabilities
DoS in GNU Binutils readelf via malformed DWARF loclist (2.45.1)
CVE-2025-69647
6.2 - Medium
- March 09, 2026
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
Infinite Loop
GNU Binutils 2.45.1 readelf DoS via malformed DWARF .debug_rnglists
CVE-2025-69648
6.2 - Medium
- March 09, 2026
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
Infinite Loop
GNU Binutils 2.46 readelf NULL Deref in display_relocations
CVE-2025-69649
5.5 - Medium
- March 06, 2026
GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
NULL Pointer Dereference
GNU Binutils <=2.46 Readelf Double-Free via GOT Relocation
CVE-2025-69650
7.5 - High
- March 06, 2026
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
Double-free
DoS in GNU Binutils readelf 2.46 via Malformed DWARF
CVE-2025-69652
6.2 - Medium
- March 06, 2026
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Improper Cleanup on Thrown Exception
Binutils objdump DoS via malformed DWARF before v2.46
CVE-2025-69644
5 - Medium
- March 06, 2026
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
Resource Exhaustion
Binutils objdump DoS via malformed DWARF offset_size (2.44)
CVE-2025-69645
5.5 - Medium
- March 06, 2026
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Resource Exhaustion
Binutils 2.44 objdump Denial-of-Service via Malformed DWARF
CVE-2025-69646
5.5 - Medium
- March 06, 2026
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Resource Exhaustion
GNU Binutils <=2.46 readelf invalid pointer free leads to DOS
CVE-2025-69651
5.5 - Medium
- March 06, 2026
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
NULL Pointer Dereference
GNU Binutils 2.45 OOB Read via vfinfo (ldmisc.c)
CVE-2025-11840
3.3 - Low
- October 16, 2025
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
Out-of-bounds Read
Local Exploit: Unchecked Return in Binutils 2.45 tg_tag_type
CVE-2025-11839
3.3 - Low
- October 16, 2025
A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.
Unchecked Return Value
Heap BOF in GNU Binutils 2.45 Linker elf_x86_64_relocate_section
CVE-2025-11495
3.3 - Low
- October 08, 2025
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.
Heap-based Buffer Overflow
CVE-2025-11494: GNU Binutils 2.45 OOB Read in Linker elfxx-x86
CVE-2025-11494
3.3 - Low
- October 08, 2025
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
Out-of-bounds Read
GNU Binutils 2.45 OOB Read in get_link_hash_entry (Linker)
CVE-2025-11414
3.3 - Low
- October 07, 2025
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.
Out-of-bounds Read
GNU Binutils 2.45 OOB Read in Linker (elf_link_add_object_symbols)
CVE-2025-11413
3.3 - Low
- October 07, 2025
A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.
Out-of-bounds Read
GNU Binutils 2.45 Linker OOB read in bfd_elf_gc_record_vtentry
CVE-2025-11412
3.3 - Low
- October 07, 2025
A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.
Out-of-bounds Read
GNU Binutils 2.45 Heap Buffer Overflow in elf_swap_shdr (Linker)
CVE-2025-11083
5.3 - Medium
- September 27, 2025
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
Heap-based Buffer Overflow
GNU Binutils 2.45 Heap-based BO in _bfd_elf_parse_eh_frame (Linker)
CVE-2025-11082
5.3 - Medium
- September 27, 2025
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
Heap-based Buffer Overflow
Binutils 2.45 OOB read in dump_dwarf_section local access
CVE-2025-11081
3.3 - Low
- September 27, 2025
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.
Out-of-bounds Read
GNU Binutils 2.44 Mem Leak in DWARF Section Handler
CVE-2025-8225
3.3 - Low
- July 27, 2025
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
Memory Leak
Local NPE in BFD Library (Binutils 2.44) via elf.c
CVE-2025-8224
5.5 - Medium
- July 27, 2025
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.
NULL Pointer Dereference
Heap Buffer Overflow in GNU binutils 2.45 objcopy copy_section
CVE-2025-7545
7.8 - High
- July 13, 2025
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
Buffer Overflow
GNU Binutils 2.45: Out-of-Bounds Write in bfd_elf_set_group_contents (Local)
CVE-2025-7546
7.8 - High
- July 13, 2025
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
Buffer Overflow
GNU Binutils 2.44-Objdump Debug_type_samep Mem Corruption (Local)
CVE-2025-5245
5.3 - Medium
- May 27, 2025
A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Buffer Overflow
GNU Binutils 2.44 LD elf_gc_sweep Memory Corruption (CVE-2025-5244)
CVE-2025-5244
5.3 - Medium
- May 27, 2025
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
Buffer Overflow
GNU Binutils 2.43/2.44 objdump display_info memory leak
CVE-2025-3198
5.5 - Medium
- April 04, 2025
A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
Memory Leak
Remote Mem Corruption via bfd_elf_reloc in GNU Binutils 2.43
CVE-2025-1182
5 - Medium
- February 11, 2025
A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.
Buffer Overflow
Binutils 2.43 Remote MEMCORR via ld EH Frame
CVE-2025-1180
3.1 - Low
- February 11, 2025
A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Buffer Overflow
Critical MemCorrupt in GNU Binutils 2.43 via _bfd_elf_gc_mark_rsec
CVE-2025-1181
5 - Medium
- February 11, 2025
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.
Buffer Overflow
GNU Binutils 2.43: ld bfd_putl64 Memory Corruption (Remote, Hard Exploit)
CVE-2025-1178
5.6 - Medium
- February 11, 2025
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.
Buffer Overflow
Critical Memcorrupt in GNU Binutils 2.43 ld via bfd_putl64 (remote)
CVE-2025-1179
7.5 - High
- February 11, 2025
A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".
Buffer Overflow
GNU Binutils 2.43 ld Heap Overflow Vulnerability in _bfd_elf_gc_mark_rsec
CVE-2025-1176
5 - Medium
- February 11, 2025
A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.
Buffer Overflow
Binutils 2.43/2.44 Remote bfd_set_format MemCorrupt (Fixed 2.45)
CVE-2025-1153
5.9 - Medium
- February 10, 2025
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.
Buffer Overflow
Memory Leak in GNU Binutils 2.43 ld xstrdup Remote Attack
CVE-2025-1152
3.7 - Low
- February 10, 2025
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
Improper Resource Shutdown or Release
GNU Binutils 2.43: bfd_malloc memory leak via ld (remote attack)
CVE-2025-1150
3.1 - Low
- February 10, 2025
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
Improper Resource Shutdown or Release
GNU Binutils 2.43 memory leak in ld before 2.44
CVE-2025-1151
3.1 - Low
- February 10, 2025
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
Improper Resource Shutdown or Release
GNU Binutils 2.43 ld xstrdup Mem Leak Remote (CVE-2025-1149)
CVE-2025-1149
3.1 - Low
- February 10, 2025
A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
Improper Resource Shutdown or Release
GNU Binutils 2.43 Buffer Overflow in nm via __sanitizer
CVE-2025-1147
5.3 - Medium
- February 10, 2025
A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Memory Leak in GNU Binutils 2.43 ld link_order_scan (Remote)
CVE-2025-1148
3.1 - Low
- February 10, 2025
A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
Improper Resource Shutdown or Release
Stack Buffer Overflow in GNU Binutils <=2.43 objdump.c
CVE-2025-0840
7.5 - High
- January 29, 2025
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.
Buffer Overflow
GNU binutils 2.43+ nm insecure ACL via --without-symbol-version (local)
CVE-2024-57360
- January 21, 2025
https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.
CVE-2023-25586: Binutils BFD Decompression Status Logic Failure leads to DoS
CVE-2023-25586
5.5 - Medium
- September 14, 2023
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Use of Uninitialized Resource
Uninitialized 'the_bfd' in Binutils asymbol leads local DOS
CVE-2023-25588
5.5 - Medium
- September 14, 2023
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Use of Uninitialized Resource
OOB Read in Binutils Bfd VMS-Alpha Module
CVE-2023-25584
7.1 - High
- September 14, 2023
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Out-of-bounds Read
Binutils Uninitialized Module Struct Field DOS
CVE-2023-25585
5.5 - Medium
- September 14, 2023
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Use of Uninitialized Resource
Binutils objdump <=2.39.3 DoS via bfd_mach_o_get_synthetic_symtab
CVE-2022-47695
7.8 - High
- August 22, 2023
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
Memory Leak in GNU Binutils <2.40 via find_abstract_instance in dwarf2.c
CVE-2022-48065
5.5 - Medium
- August 22, 2023
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
Memory Leak
Excessive Memory Use in GNU Binutils <2.40 via bfd_dwarf2_find_nearest_line
CVE-2022-48064
5.5 - Medium
- August 22, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
Allocation of Resources Without Limits or Throttling
GNU Binutils <2.40: load_separate_debug_files Memory Exhaustion via crafted ELF
CVE-2022-48063
5.5 - Medium
- August 22, 2023
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
Resource Exhaustion
Binutils objdump <=2.39.3 compare_symbols DoS (CVE-2022-47696)
CVE-2022-47696
7.8 - High
- August 22, 2023
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GNU Binutils or by GNU? Click the Watch button to subscribe.
