Filtered by vendor Gnu
Subscribe
Total
989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7226 | 1 Gnu | 1 Binutils | 2019-10-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. | |||||
| CVE-2017-6969 | 1 Gnu | 1 Binutils | 2019-10-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. | |||||
| CVE-2019-16165 | 1 Gnu | 1 Cflow | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | |||||
| CVE-2019-16166 | 1 Gnu | 1 Cflow | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. | |||||
| CVE-2018-20969 | 1 Gnu | 1 Patch | 2019-09-05 | 9.3 HIGH | 7.8 HIGH |
| do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | |||||
| CVE-2014-10375 | 1 Gnu | 1 Exosip | 2019-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | |||||
| CVE-2019-13638 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2019-08-16 | 9.3 HIGH | 7.8 HIGH |
| GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. | |||||
| CVE-2016-10739 | 2 Gnu, Opensuse | 2 Glibc, Leap | 2019-08-06 | 4.6 MEDIUM | 5.3 MEDIUM |
| In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | |||||
| CVE-2018-12697 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2019-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | |||||
| CVE-2018-19932 | 2 Gnu, Netapp | 3 Binutils, Cluster Data Ontap, Vasa Provider | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. | |||||
| CVE-2018-10535 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. | |||||
| CVE-2018-10534 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. | |||||
| CVE-2018-10373 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. | |||||
| CVE-2018-12699 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2019-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | |||||
| CVE-2018-20651 | 1 Gnu | 1 Binutils | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. | |||||
| CVE-2018-10372 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. | |||||
| CVE-2018-1000156 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Patch and 6 more | 2019-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | |||||
| CVE-2019-13636 | 1 Gnu | 1 Patch | 2019-07-24 | 5.8 MEDIUM | 5.9 MEDIUM |
| In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | |||||
| CVE-2012-6711 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2019-06-20 | 4.6 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). | |||||
| CVE-2014-9761 | 5 Canonical, Fedoraproject, Gnu and 2 more | 9 Ubuntu Linux, Fedora, Glibc and 6 more | 2019-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |||||