Filtered by vendor Gnu
Subscribe
Total
989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9755 | 1 Gnu | 1 Binutils | 2018-01-08 | 6.8 MEDIUM | 7.8 HIGH |
opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
CVE-2017-7225 | 1 Gnu | 1 Binutils | 2018-01-08 | 5.0 MEDIUM | 7.5 HIGH |
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | |||||
CVE-2017-7227 | 1 Gnu | 1 Binutils | 2018-01-08 | 5.0 MEDIUM | 7.5 HIGH |
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | |||||
CVE-2017-7507 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | |||||
CVE-2016-7543 | 2 Fedoraproject, Gnu | 2 Fedora, Bash | 2018-01-04 | 7.2 HIGH | 8.4 HIGH |
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||||
CVE-2017-7869 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | |||||
CVE-2016-7444 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | |||||
CVE-2015-8777 | 1 Gnu | 1 Glibc | 2018-01-04 | 2.1 LOW | 5.5 MEDIUM |
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | |||||
CVE-2016-0634 | 1 Gnu | 1 Bash | 2018-01-04 | 6.0 MEDIUM | 7.5 HIGH |
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | |||||
CVE-2015-2806 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2018-01-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. | |||||
CVE-2015-0282 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | N/A |
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||||
CVE-2017-13090 | 2 Debian, Gnu | 2 Debian Linux, Wget | 2017-12-29 | 9.3 HIGH | 8.8 HIGH |
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. | |||||
CVE-2017-13089 | 2 Debian, Gnu | 2 Debian Linux, Wget | 2017-12-29 | 9.3 HIGH | 8.8 HIGH |
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. | |||||
CVE-2014-3466 | 1 Gnu | 1 Gnutls | 2017-12-28 | 6.8 MEDIUM | N/A |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. | |||||
CVE-2011-4128 | 1 Gnu | 1 Gnutls | 2017-12-28 | 4.3 MEDIUM | N/A |
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. | |||||
CVE-2014-3465 | 1 Gnu | 1 Gnutls | 2017-12-28 | 5.0 MEDIUM | N/A |
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. | |||||
CVE-2017-17440 | 1 Gnu | 1 Libextractor | 2017-12-22 | 4.3 MEDIUM | 6.5 MEDIUM |
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. | |||||
CVE-2002-2099 | 1 Gnu | 1 Data Display Debugger | 2017-12-18 | 7.2 HIGH | N/A |
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE. | |||||
CVE-2014-0466 | 1 Gnu | 1 A2ps | 2017-12-15 | 6.8 MEDIUM | N/A |
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. | |||||
CVE-2017-17426 | 1 Gnu | 1 Glibc | 2017-12-15 | 6.8 MEDIUM | 8.1 HIGH |
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. |