U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 40 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-38128

An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.

Published: September 01, 2022; 5:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-38127

A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.

Published: September 01, 2022; 5:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-38126

Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.

Published: September 01, 2022; 5:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-38533

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Published: August 25, 2022; 8:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-45078

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Published: December 15, 2021; 3:15:08 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

Published: November 18, 2021; 5:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3487

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Published: April 15, 2021; 10:15:17 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Published: March 26, 2021; 1:15:12 PM -0400
V3.1: 6.3 MEDIUM
V2.0: 3.3 LOW
CVE-2020-35507

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

Published: January 04, 2021; 10:15:15 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-35496

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Published: January 04, 2021; 10:15:14 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Published: January 04, 2021; 10:15:13 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-35494

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

Published: January 04, 2021; 10:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-35493

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

Published: January 04, 2021; 10:15:12 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-1010204

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Published: July 23, 2019; 10:15:13 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20671

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

Published: January 04, 2019; 11:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-1000876

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

Published: December 20, 2018; 12:29:01 PM -0500
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2018-19932

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

Published: December 07, 2018; 2:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-19931

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

Published: December 07, 2018; 2:29:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-13033

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

Published: July 01, 2018; 12:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-12934

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Published: June 28, 2018; 10:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM