GNU : Security Vulnerabilities, CVEs, (Denial of service) CVSS score >= 1
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-14
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-16
Updated
2024-03-05
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Max CVSS
5.9
EPSS Score
0.10%
Published
2023-02-28
Updated
2023-03-31
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-02
Updated
2024-01-08
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-14
Updated
2023-11-04
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-14
Updated
2023-11-04
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-14
Updated
2023-11-04
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-04-08
Updated
2023-04-19
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-05-18
Updated
2024-04-11
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-22
Updated
2023-08-26
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-09-05
Updated
2022-10-01
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-09-05
Updated
2022-10-01
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-22
Updated
2023-10-06
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
Max CVSS
5.5
EPSS Score
0.07%
Published
2022-09-06
Updated
2023-06-23
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
Max CVSS
5.5
EPSS Score
0.08%
Published
2022-09-06
Updated
2023-02-12
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-09-06
Updated
2023-02-12
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.91%
Published
2022-01-14
Updated
2022-11-08
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.91%
Published
2022-01-14
Updated
2022-11-08
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-01-27
Updated
2023-09-30