GNU Binutils


By the Year

In 2024 there have been 0 vulnerabilities in GNU Binutils. Last year Binutils had 27 security vulnerabilities published. Right now, Binutils is on track to have fewer security vulnerabilities in 2024 than it did last year.

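| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 27 | 6.41 |
| 2022 | 1 | 5.50 |
| 2021 | 13 | 6.49 |
| 2020 | 6 | 5.13 |
| 2019 | 19 | 6.13 |
| 2018 | 41 | 6.19 |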

It may take a day or so for new Binutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GNU Binutils Security Vulnerabilities

A flaw was found in Binutils

CVE-2023-25588 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

Use of Uninitialized Resource

A flaw was found in Binutils

CVE-2023-25586 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. A logic failure in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

Use of Uninitialized Resource

A flaw was found in Binutils

CVE-2023-25585 5.5 - Medium - September 14, 2023

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Use of Uninitialized Resource

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVE-2023-25584 7.1 - High - September 14, 2023

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

Out-of-bounds Read

An issue was discovered in GNU Binutils 2.34

CVE-2020-21490 5.5 - Medium - August 22, 2023

An issue was discovered in GNU Binutils 2.34. It is a memory leak when processing microblaze-dis.c. This one will consume memory on each insn disassembled.

Memory Leak

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data

CVE-2020-19726 8.8 - High - August 22, 2023

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service.

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34

CVE-2020-19724 5.5 - Medium - August 22, 2023

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

Memory Leak

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

CVE-2021-46174 7.5 - High - August 22, 2023

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Memory Corruption

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could

CVE-2020-35342 7.5 - High - August 22, 2023

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

Improper Initialization

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.

CVE-2022-48065 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.

Memory Leak

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability

CVE-2022-48064 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Allocation of Resources Without Limits or Throttling

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability

CVE-2022-48063 5.5 - Medium - August 22, 2023

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Resource Exhaustion

An issue was discovered in Binutils objdump before 2.39.3

CVE-2022-47696 7.8 - High - August 22, 2023

An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

An issue was discovered in Binutils objdump before 2.39.3

CVE-2022-47695 7.8 - High - August 22, 2023

An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in mach-o.c.

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads

CVE-2022-47673 7.8 - High - August 22, 2023

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

Out-of-bounds Read

An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38

CVE-2022-47011 5.5 - Medium - August 22, 2023

An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38

CVE-2022-47010 5.5 - Medium - August 22, 2023

An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38

CVE-2022-47008 5.5 - Medium - August 22, 2023

An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38

CVE-2022-47007 5.5 - Medium - August 22, 2023

An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks.

Memory Leak

Heap buffer overflow vulnerability in binutils readelf before 2.40

CVE-2022-45703 7.8 - High - August 22, 2023

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Memory Corruption

Heap buffer overflow vulnerability in binutils readelf before 2.40

CVE-2022-44840 7.8 - High - August 22, 2023

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Memory Corruption

Null pointer dereference vulnerability in Binutils readelf 2.38.50

CVE-2022-35206 5.5 - Medium - August 22, 2023

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

NULL Pointer Dereference

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names

CVE-2022-35205 5.5 - Medium - August 22, 2023

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

assertion failure

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36

CVE-2021-32256 6.5 - Medium - July 18, 2023

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Memory Corruption

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c

CVE-2023-1972 6.5 - Medium - May 17, 2023

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Memory Corruption

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

CVE-2023-1579 7.8 - High - April 03, 2023

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

Memory Corruption

An illegal memory access flaw was found in the binutils package

CVE-2022-4285 5.5 - Medium - January 27, 2023

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new

CVE-2022-38533 5.5 - Medium - August 26, 2022

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Memory Corruption

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37

CVE-2021-45078 7.8 - High - December 15, 2021

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Memory Corruption

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability

CVE-2021-37322 7.8 - High - November 18, 2021

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

Dangling pointer

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36

CVE-2021-3530 7.5 - High - June 02, 2021

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Stack Exhaustion

An out of bounds flaw was found in GNU binutils objdump utility version 2.36

CVE-2021-3549 7.1 - High - May 26, 2021

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Memory Corruption

A flaw was found in binutils readelf 2.35 program

CVE-2021-20294 7.8 - High - April 29, 2021

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

Memory Corruption

Rejected reason: Non Security Issue

CVE-2021-3487 - April 15, 2021

Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar

CVE-2021-20197 6.3 - Medium - March 26, 2021

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

insecure temporary file

A flaw was found in GNU Binutils 2.35.1

CVE-2021-20284 5.5 - Medium - March 26, 2021

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

Buffer Overflow

A flaw exists in binutils in bfd/pef.c

CVE-2020-35493 5.5 - Medium - January 04, 2021

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

Improper Input Validation

There's a flaw in binutils /opcodes/tic4x-dis.c

CVE-2020-35494 6.1 - Medium - January 04, 2021

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

Use of Uninitialized Resource

There's a flaw in binutils /bfd/pef.c

CVE-2020-35495 5.5 - Medium - January 04, 2021

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

NULL Pointer Dereference

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could

CVE-2020-35496 5.5 - Medium - January 04, 2021

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

NULL Pointer Dereference

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could

CVE-2020-35507 5.5 - Medium - January 04, 2021

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

NULL Pointer Dereference

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1

CVE-2020-35448 3.3 - Low - December 27, 2020

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Out-of-bounds Read

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf

CVE-2020-16590 5.5 - Medium - December 09, 2020

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

Double-free

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table

CVE-2020-16591 5.5 - Medium - December 09, 2020

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf.

Out-of-bounds Read

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new

CVE-2020-16592 5.5 - Medium - December 09, 2020

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Dangling pointer

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line

CVE-2020-16593 5.5 - Medium - December 09, 2020

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

NULL Pointer Dereference

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new

CVE-2020-16599 5.5 - Medium - December 09, 2020

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

NULL Pointer Dereference

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-17450 6.5 - Medium - October 10, 2019

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Stack Exhaustion

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-17451 6.5 - Medium - October 10, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

Integer Overflow or Wraparound

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow

CVE-2019-14444 5.5 - Medium - July 30, 2019

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

Integer Overflow or Wraparound

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32

CVE-2019-14250 5.5 - Medium - July 24, 2019

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

Memory Corruption

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation

CVE-2019-1010204 5.5 - Medium - July 23, 2019

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Out-of-bounds Read

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-12972 5.5 - Medium - June 26, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.

Out-of-bounds Read

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32

CVE-2019-9070 7.8 - High - February 24, 2019

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

Out-of-bounds Read

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32

CVE-2019-9071 5.5 - Medium - February 24, 2019

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Stack Exhaustion

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-9072 5.5 - Medium - February 24, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

Allocation of Resources Without Limits or Throttling

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-9073 5.5 - Medium - February 24, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

Allocation of Resources Without Limits or Throttling

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-9074 5.5 - Medium - February 24, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

Out-of-bounds Read

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-9075 7.8 - High - February 24, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Memory Corruption

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32

CVE-2019-9076 5.5 - Medium - February 24, 2019

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

Allocation of Resources Without Limits or Throttling

An issue was discovered in GNU Binutils 2.32

CVE-2019-9077 7.8 - High - February 24, 2019

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Memory Corruption

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty

CVE-2018-20712 6.5 - Medium - January 15, 2019

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Out-of-bounds Read

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values")

CVE-2018-20673 5.5 - Medium - January 04, 2019

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Memory Corruption

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability

CVE-2018-20671 5.5 - Medium - January 04, 2019

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

Memory Corruption

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak

CVE-2018-20657 7.5 - High - January 02, 2019

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Missing Release of Resource after Effective Lifetime

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd)

CVE-2018-20651 5.5 - Medium - January 01, 2019

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.

NULL Pointer Dereference

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c

CVE-2018-20623 5.5 - Medium - December 31, 2018

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Dangling pointer

binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc

CVE-2018-1000876 7.8 - High - December 20, 2018

binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fixed after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

Memory Corruption

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak

CVE-2018-20002 5.5 - Medium - December 10, 2018

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

Missing Release of Resource after Effective Lifetime

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31

CVE-2018-19931 7.8 - High - December 07, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

Memory Corruption

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31

CVE-2018-19932 5.5 - Medium - December 07, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

Integer Overflow or Wraparound

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31

CVE-2018-18700 5.5 - Medium - October 29, 2018

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

Infinite Loop

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31

CVE-2018-18701 5.5 - Medium - October 29, 2018

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

Infinite Loop

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31

CVE-2018-18605 5.5 - Medium - October 23, 2018

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Out-of-bounds Read

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd)

CVE-2018-18606 5.5 - Medium - October 23, 2018

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

NULL Pointer Dereference

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd)

CVE-2018-18607 5.5 - Medium - October 23, 2018

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

NULL Pointer Dereference

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31

CVE-2018-18483 7.8 - High - October 18, 2018

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Integer Overflow or Wraparound

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31

CVE-2018-18484 5.5 - Medium - October 18, 2018

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.

Stack Exhaustion

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31

CVE-2018-18309 5.5 - Medium - October 15, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.

Buffer Overflow

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31

CVE-2018-17985 5.5 - Medium - October 04, 2018

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.

Resource Exhaustion

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31

CVE-2018-17794 6.5 - Medium - September 30, 2018

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

NULL Pointer Dereference

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31

CVE-2018-17358 5.5 - Medium - September 23, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

Buffer Overflow

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31

CVE-2018-17359 5.5 - Medium - September 23, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

Buffer Overflow

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31

CVE-2018-17360 5.5 - Medium - September 23, 2018

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. A heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.

Out-of-bounds Read

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30

CVE-2018-13033 5.5 - Medium - July 01, 2018

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

Allocation of Resources Without Limits or Throttling

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30

CVE-2018-12934 7.5 - High - June 28, 2018

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Allocation of Resources Without Limits or Throttling

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_

CVE-2018-12697 7.5 - High - June 23, 2018

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

NULL Pointer Dereference

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30

CVE-2018-12698 7.5 - High - June 23, 2018

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

finish_stab in stabs.c in GNU Binutils 2.30

CVE-2018-12699 9.8 - Critical - June 23, 2018

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

Memory Corruption

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30

CVE-2018-12641 5.5 - Medium - June 22, 2018

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

Resource Exhaustion

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop

CVE-2018-10534 5.5 - Medium - April 29, 2018

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

Memory Corruption

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type

CVE-2018-10535 5.5 - Medium - April 29, 2018

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.

NULL Pointer Dereference

process_cu_tu_index in dwarf.c in GNU Binutils 2.30

CVE-2018-10372 5.5 - Medium - April 25, 2018

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

Out-of-bounds Read

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30

CVE-2018-10373 6.5 - Medium - April 25, 2018

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

NULL Pointer Dereference

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30

CVE-2018-9996 5.5 - Medium - April 10, 2018

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Stack Exhaustion

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30

CVE-2018-9138 5.5 - Medium - March 30, 2018

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

Stack Exhaustion

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30

CVE-2018-8945 5.5 - Medium - March 22, 2018

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

Improper Input Validation

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30

CVE-2018-7642 5.5 - Medium - March 02, 2018

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.

NULL Pointer Dereference

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30

CVE-2018-7643 7.8 - High - March 02, 2018

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

Integer Overflow or Wraparound

The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30

CVE-2018-7568 5.5 - Medium - February 28, 2018

The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.

Integer Overflow or Wraparound
