| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-6460 |
476 |
|
|
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a. |
|
2 |
CVE-2019-6459 |
399 |
|
|
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. |
|
3 |
CVE-2019-6458 |
399 |
|
|
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. |
|
4 |
CVE-2019-6457 |
399 |
|
|
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. |
|
5 |
CVE-2019-6456 |
476 |
|
|
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a. |
|
6 |
CVE-2019-6455 |
415 |
|
|
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c. |
|
7 |
CVE-2018-1000876 |
190 |
|
Exec Code Overflow |
2018-12-20 |
2019-01-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. |
|
8 |
CVE-2018-1000654 |
399 |
|
|
2018-08-20 |
2018-10-30 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. |
|
9 |
CVE-2018-1000156 |
20 |
|
Exec Code |
2018-04-06 |
2018-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. |
|
10 |
CVE-2018-1000097 |
119 |
|
Exec Code Overflow |
2018-03-12 |
2018-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.. |
|
11 |
CVE-2018-1000001 |
119 |
|
Exec Code Overflow |
2018-01-31 |
2018-06-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
|
12 |
CVE-2018-20712 |
119 |
|
Overflow |
2019-01-14 |
2019-01-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. |
|
13 |
CVE-2018-20673 |
190 |
|
Overflow |
2019-01-04 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. |
|
14 |
CVE-2018-20671 |
190 |
|
Overflow |
2019-01-04 |
2019-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. |
|
15 |
CVE-2018-20651 |
476 |
|
DoS |
2019-01-01 |
2019-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
16 |
CVE-2018-20623 |
416 |
|
|
2018-12-31 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. |
|
17 |
CVE-2018-20431 |
476 |
|
|
2018-12-24 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. |
|
18 |
CVE-2018-20430 |
125 |
|
|
2018-12-24 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. |
|
19 |
CVE-2018-20230 |
119 |
|
DoS Overflow |
2018-12-19 |
2019-01-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
20 |
CVE-2018-20002 |
399 |
|
DoS |
2018-12-09 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. |
|
21 |
CVE-2018-19932 |
190 |
|
Overflow |
2018-12-07 |
2018-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. |
|
22 |
CVE-2018-19931 |
119 |
|
Overflow |
2018-12-07 |
2018-12-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. |
|
23 |
CVE-2018-19591 |
20 |
|
|
2018-12-04 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. |
|
24 |
CVE-2018-19217 |
476 |
|
DoS |
2018-11-12 |
2018-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ncurses 6.1, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. |
|
25 |
CVE-2018-19211 |
476 |
|
DoS |
2018-11-12 |
2018-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. |
|
26 |
CVE-2018-18751 |
415 |
|
|
2018-10-29 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
|
27 |
CVE-2018-18701 |
400 |
|
|
2018-10-29 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. |
|
28 |
CVE-2018-18700 |
400 |
|
|
2018-10-29 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. |
|
29 |
CVE-2018-18607 |
476 |
|
DoS |
2018-10-23 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
30 |
CVE-2018-18606 |
476 |
|
DoS |
2018-10-23 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
31 |
CVE-2018-18605 |
119 |
|
DoS Overflow |
2018-10-23 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
32 |
CVE-2018-18484 |
400 |
|
|
2018-10-18 |
2018-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. |
|
33 |
CVE-2018-18483 |
190 |
|
DoS Overflow |
2018-10-18 |
2018-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. |
|
34 |
CVE-2018-18309 |
119 |
|
DoS Overflow |
2018-10-14 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. |
|
35 |
CVE-2018-17985 |
400 |
|
|
2018-10-04 |
2018-11-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. |
|
36 |
CVE-2018-17794 |
476 |
|
|
2018-09-30 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. |
|
37 |
CVE-2018-17360 |
119 |
|
DoS Overflow |
2018-09-23 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. |
|
38 |
CVE-2018-17359 |
119 |
|
DoS Overflow |
2018-09-23 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. |
|
39 |
CVE-2018-17358 |
119 |
|
DoS Overflow |
2018-09-23 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. |
|
40 |
CVE-2018-16430 |
125 |
|
|
2018-09-03 |
2018-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. |
|
41 |
CVE-2018-13796 |
20 |
|
|
2018-07-12 |
2018-09-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. |
|
42 |
CVE-2018-13033 |
399 |
|
DoS |
2018-07-01 |
2018-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. |
|
43 |
CVE-2018-12934 |
399 |
|
|
2018-06-28 |
2018-08-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. |
|
44 |
CVE-2018-12700 |
399 |
|
|
2018-06-23 |
2018-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. |
|
45 |
CVE-2018-12699 |
787 |
|
DoS Overflow |
2018-06-23 |
2018-08-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. |
|
46 |
CVE-2018-12698 |
399 |
|
|
2018-06-23 |
2018-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. |
|
47 |
CVE-2018-12697 |
476 |
|
|
2018-06-23 |
2018-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. |
|
48 |
CVE-2018-12641 |
399 |
|
|
2018-06-22 |
2018-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. |
|
49 |
CVE-2018-11237 |
119 |
|
Overflow |
2018-05-18 |
2018-10-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. |
|
50 |
CVE-2018-11236 |
190 |
|
Exec Code Overflow |
2018-05-18 |
2018-10-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. |
