| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1010025 |
200 |
|
Bypass +Info |
2019-07-15 |
2019-08-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability." |
|
2 |
CVE-2019-1010024 |
200 |
|
Bypass +Info |
2019-07-15 |
2019-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. |
|
3 |
CVE-2019-15847 |
331 |
|
|
2019-09-02 |
2019-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. |
|
4 |
CVE-2019-13636 |
59 |
|
|
2019-07-17 |
2019-07-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. |
|
5 |
CVE-2019-9923 |
476 |
|
|
2019-03-22 |
2019-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. |
|
6 |
CVE-2019-3836 |
824 |
|
|
2019-04-01 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. |
|
7 |
CVE-2019-3829 |
415 |
|
Mem. Corr. |
2019-03-27 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
|
8 |
CVE-2018-20796 |
674 |
|
|
2019-02-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
|
9 |
CVE-2018-20657 |
772 |
|
DoS |
2019-01-02 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. |
|
10 |
CVE-2018-19591 |
20 |
|
|
2018-12-04 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. |
|
11 |
CVE-2018-12934 |
770 |
|
|
2018-06-28 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. |
|
12 |
CVE-2018-12700 |
835 |
|
|
2018-06-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. |
|
13 |
CVE-2018-12698 |
|
|
|
2018-06-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. |
|
14 |
CVE-2018-12697 |
476 |
|
|
2018-06-23 |
2019-08-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. |
|
15 |
CVE-2018-6952 |
415 |
|
|
2018-02-13 |
2019-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
|
16 |
CVE-2018-6951 |
476 |
|
DoS |
2018-02-13 |
2019-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. |
|
17 |
CVE-2018-6003 |
674 |
|
|
2018-01-22 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. |
|
18 |
CVE-2017-15938 |
119 |
|
DoS Overflow |
2017-10-27 |
2018-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). |
|
19 |
CVE-2017-15602 |
835 |
|
|
2017-10-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. |
|
20 |
CVE-2017-15601 |
119 |
|
Overflow |
2017-10-18 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. |
|
21 |
CVE-2017-15600 |
476 |
|
|
2017-10-18 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. |
|
22 |
CVE-2017-15267 |
476 |
|
|
2017-10-11 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. |
|
23 |
CVE-2017-13710 |
476 |
|
DoS |
2017-08-27 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. |
|
24 |
CVE-2017-12961 |
20 |
|
DoS |
2017-08-18 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. |
|
25 |
CVE-2017-12960 |
617 |
|
DoS |
2017-08-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. |
|
26 |
CVE-2017-12959 |
617 |
|
DoS |
2017-08-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. |
|
27 |
CVE-2017-12958 |
125 |
|
DoS |
2017-08-18 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. |
|
28 |
CVE-2017-12836 |
|
|
Exec Code |
2017-08-24 |
2019-10-02 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." |
|
29 |
CVE-2017-11113 |
476 |
|
DoS |
2017-07-08 |
2019-05-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. |
|
30 |
CVE-2017-11112 |
20 |
|
DoS |
2017-07-08 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. |
|
31 |
CVE-2017-10790 |
476 |
|
DoS |
2017-07-01 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. |
|
32 |
CVE-2017-8398 |
119 |
|
Overflow |
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. |
|
33 |
CVE-2017-8397 |
119 |
|
Overflow |
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
34 |
CVE-2017-8396 |
20 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
35 |
CVE-2017-8395 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. |
|
36 |
CVE-2017-8394 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. |
|
37 |
CVE-2017-8393 |
125 |
|
|
2017-05-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. |
|
38 |
CVE-2017-8392 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
39 |
CVE-2017-7869 |
787 |
|
Overflow |
2017-04-14 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. |
|
40 |
CVE-2017-7853 |
119 |
|
Overflow |
2017-04-13 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. |
|
41 |
CVE-2017-7507 |
476 |
|
|
2017-06-16 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. |
|
42 |
CVE-2017-7304 |
125 |
|
|
2017-03-29 |
2017-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. |
|
43 |
CVE-2017-7303 |
125 |
|
|
2017-03-29 |
2017-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. |
|
44 |
CVE-2017-7302 |
125 |
|
|
2017-03-29 |
2017-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. |
|
45 |
CVE-2017-7301 |
20 |
|
|
2017-03-29 |
2017-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. |
|
46 |
CVE-2017-7300 |
125 |
|
|
2017-03-29 |
2017-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. |
|
47 |
CVE-2017-7227 |
119 |
|
Overflow |
2017-03-22 |
2018-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. |
|
48 |
CVE-2017-7225 |
476 |
|
|
2017-03-22 |
2018-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. |
|
49 |
CVE-2017-7223 |
119 |
|
Overflow |
2017-03-22 |
2018-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. |
|
50 |
CVE-2017-5357 |
416 |
|
DoS |
2017-02-16 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. |
