CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-15938 119 DoS Overflow 2017-10-27 2017-11-01
5.0
None Remote Low Not required None None Partial
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
2 CVE-2017-15602 119 Overflow 2017-10-18 2017-10-25
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
3 CVE-2017-15601 119 Overflow 2017-10-18 2017-10-25
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
4 CVE-2017-15600 476 2017-10-18 2017-10-25
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
5 CVE-2017-15267 476 2017-10-11 2017-10-25
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
6 CVE-2017-13710 476 DoS 2017-08-27 2017-08-29
5.0
None Remote Low Not required None None Partial
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
7 CVE-2017-12961 20 DoS 2017-08-18 2017-09-01
5.0
None Remote Low Not required None None Partial
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
8 CVE-2017-12960 20 DoS 2017-08-18 2017-09-01
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
9 CVE-2017-12959 20 DoS 2017-08-18 2017-09-01
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
10 CVE-2017-12958 125 DoS 2017-08-18 2017-09-01
5.0
None Remote Low Not required None None Partial
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
11 CVE-2017-12836 77 Exec Code 2017-08-24 2017-09-25
5.1
None Remote High Not required Partial Partial Partial
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
12 CVE-2017-11113 476 DoS 2017-07-08 2017-07-13
5.0
None Remote Low Not required None None Partial
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
13 CVE-2017-11112 20 DoS 2017-07-08 2017-07-13
5.0
None Remote Low Not required None None Partial
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
14 CVE-2017-10790 476 DoS 2017-07-01 2017-10-14
5.0
None Remote Low Not required None None Partial
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
15 CVE-2017-8398 119 Overflow 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.
16 CVE-2017-8397 119 Overflow 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
17 CVE-2017-8396 20 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
18 CVE-2017-8395 476 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
19 CVE-2017-8394 476 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
20 CVE-2017-8393 119 Overflow 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.
21 CVE-2017-8392 476 2017-05-01 2017-09-18
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
22 CVE-2017-7869 787 Overflow 2017-04-14 2017-04-25
5.0
None Remote Low Not required None None Partial
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
23 CVE-2017-7853 119 Overflow 2017-04-13 2017-11-03
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
24 CVE-2017-7507 476 2017-06-16 2017-11-03
5.0
None Remote Low Not required None None Partial
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
25 CVE-2017-7304 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
26 CVE-2017-7303 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
27 CVE-2017-7302 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.
28 CVE-2017-7301 20 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
29 CVE-2017-7300 125 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
30 CVE-2017-7227 119 Overflow 2017-03-22 2017-03-30
5.0
None Remote Low Not required None None Partial
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
31 CVE-2017-7225 476 2017-03-22 2017-04-03
5.0
None Remote Low Not required None None Partial
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
32 CVE-2017-7223 119 Overflow 2017-03-22 2017-03-24
5.0
None Remote Low Not required None None Partial
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
33 CVE-2017-5357 416 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
34 CVE-2017-5335 125 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
35 CVE-2016-10326 119 Overflow 2017-04-13 2017-11-03
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
36 CVE-2016-10325 119 Overflow 2017-04-13 2017-11-03
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
37 CVE-2016-8605 275 2017-01-12 2017-01-18
5.0
None Remote Low Not required None Partial None
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
38 CVE-2016-7444 264 Bypass 2016-09-27 2017-03-24
5.0
None Remote Low Not required None Partial None
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
39 CVE-2016-6323 284 DoS 2016-10-07 2017-06-30
5.0
None Remote Low Not required None None Partial
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
40 CVE-2016-6321 22 Dir. Trav. Bypass 2016-12-09 2017-06-30
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
41 CVE-2016-6263 125 DoS 2016-09-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
42 CVE-2016-6262 125 +Info 2016-09-07 2016-09-08
5.0
None Remote Low Not required Partial None None
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
43 CVE-2016-6261 125 DoS 2016-09-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
44 CVE-2016-6131 20 DoS Overflow 2017-02-07 2017-02-09
5.0
None Remote Low Not required None None Partial
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
45 CVE-2016-5417 399 DoS 2017-02-16 2017-02-17
5.0
None Remote Low Not required None None Partial
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
46 CVE-2016-3706 20 DoS Overflow 2016-06-10 2017-12-07
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
47 CVE-2016-3075 119 DoS Overflow 2016-06-01 2017-06-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
48 CVE-2016-1234 119 DoS Overflow 2016-06-01 2017-06-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
49 CVE-2015-8948 125 +Info 2016-09-07 2016-11-28
5.0
None Remote Low Not required Partial None None
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
50 CVE-2015-6806 119 DoS Overflow 2015-09-28 2015-09-29
5.0
None Remote Low Not required None None Partial
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
Total number of vulnerabilities : 148   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.