CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9044 125 DoS 2017-05-17 2017-05-24
4.3
None Remote Medium Not required None None Partial
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.
2 CVE-2017-9043 20 DoS 2017-05-17 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
3 CVE-2017-9042 704 DoS 2017-05-17 2017-05-23
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
4 CVE-2017-9041 125 DoS 2017-05-17 2017-05-24
4.3
None Remote Medium Not required None None Partial
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.
5 CVE-2017-9040 476 DoS 2017-05-17 2017-05-24
4.3
None Remote Medium Not required None None Partial
GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
6 CVE-2017-9039 399 DoS 2017-05-17 2017-05-24
4.3
None Remote Medium Not required None None Partial
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
7 CVE-2017-9038 125 DoS 2017-05-17 2017-05-24
4.3
None Remote Medium Not required None None Partial
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
8 CVE-2017-8804 502 DoS 2017-05-07 2017-05-15
7.8
None Remote Low Not required None None Complete
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
9 CVE-2017-8421 399 2017-05-02 2017-05-12
7.1
None Remote Medium Not required None None Complete
The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.
10 CVE-2017-8398 119 Overflow 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.
11 CVE-2017-8397 119 Overflow 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
12 CVE-2017-8396 20 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
13 CVE-2017-8395 476 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
14 CVE-2017-8394 476 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
15 CVE-2017-8393 119 Overflow 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.
16 CVE-2017-8392 476 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
17 CVE-2017-7869 787 Overflow 2017-04-14 2017-04-25
5.0
None Remote Low Not required None None Partial
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
18 CVE-2017-7853 119 Overflow 2017-04-13 2017-05-07
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
19 CVE-2017-7614 476 DoS 2017-04-09 2017-04-13
7.5
None Remote Low Not required Partial Partial Partial
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
20 CVE-2017-7304 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
21 CVE-2017-7303 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
22 CVE-2017-7302 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.
23 CVE-2017-7301 20 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
24 CVE-2017-7300 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
25 CVE-2017-7299 125 2017-03-29 2017-03-31
4.3
None Remote Medium Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
26 CVE-2017-7227 119 Overflow 2017-03-22 2017-03-30
5.0
None Remote Low Not required None None Partial
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
27 CVE-2017-7226 119 Overflow 2017-03-22 2017-03-24
6.4
None Remote Low Not required Partial None Partial
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.
28 CVE-2017-7225 476 2017-03-22 2017-04-03
5.0
None Remote Low Not required None None Partial
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
29 CVE-2017-7224 787 2017-03-22 2017-04-03
4.3
None Remote Medium Not required None None Partial
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
30 CVE-2017-7223 119 Overflow 2017-03-22 2017-03-24
5.0
None Remote Low Not required None None Partial
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
31 CVE-2017-7210 119 Overflow 2017-03-21 2017-03-22
4.3
None Remote Medium Not required None None Partial
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
32 CVE-2017-7209 476 2017-03-21 2017-03-22
4.3
None Remote Medium Not required None None Partial
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
33 CVE-2017-6969 119 Overflow +Info 2017-03-17 2017-03-27
6.4
None Remote Low Not required Partial None Partial
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
34 CVE-2017-6966 416 2017-03-17 2017-03-20
4.3
None Remote Medium Not required None None Partial
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.
35 CVE-2017-6965 119 Overflow 2017-03-17 2017-03-20
4.3
None Remote Medium Not required None None Partial
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.
36 CVE-2017-6508 93 2017-03-07 2017-03-16
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
37 CVE-2017-5932 20 +Priv 2017-03-27 2017-03-31
4.6
None Local Low Not required Partial Partial Partial
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
38 CVE-2017-5618 275 +Priv 2017-03-20 2017-03-23
7.2
None Local Low Not required Complete Complete Complete
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
39 CVE-2017-5357 416 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
40 CVE-2017-5337 119 Overflow 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
41 CVE-2017-5336 119 Overflow 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
42 CVE-2017-5335 125 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
43 CVE-2017-5334 415 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
44 CVE-2016-10326 119 Overflow 2017-04-13 2017-04-19
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
45 CVE-2016-10325 119 Overflow 2017-04-13 2017-04-19
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
46 CVE-2016-10324 119 Overflow 2017-04-13 2017-04-19
7.5
None Remote Low Not required Partial Partial Partial
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
47 CVE-2016-10228 20 DoS 2017-03-01 2017-03-03
4.3
None Remote Medium Not required None None Partial
The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
48 CVE-2016-9401 416 Bypass 2017-01-23 2017-01-26
2.1
None Local Low Not required None Partial None
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
49 CVE-2016-8606 284 Exec Code 2017-01-12 2017-01-18
7.5
None Remote Low Not required Partial Partial Partial
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
50 CVE-2016-8605 275 2017-01-12 2017-01-18
5.0
None Remote Low Not required None Partial None
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
Total number of vulnerabilities : 477   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.