Filtered by vendor Gnu
Subscribe
Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17359 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | |||||
CVE-2018-20430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | |||||
CVE-2019-9169 | 4 Canonical, Gnu, Mcafee and 1 more | 6 Ubuntu Linux, Glibc, Web Gateway and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | |||||
CVE-2018-20671 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. | |||||
CVE-2018-11236 | 4 Gnu, Netapp, Oracle and 1 more | 9 Glibc, Data Ontap Edge, Element Software Management and 6 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | |||||
CVE-2018-7568 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | |||||
CVE-2018-9138 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | |||||
CVE-2018-7642 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. | |||||
CVE-2018-11237 | 5 Canonical, Gnu, Netapp and 2 more | 10 Ubuntu Linux, Glibc, Data Ontap Edge and 7 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | |||||
CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Mailman and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | |||||
CVE-2018-6551 | 1 Gnu | 1 Glibc | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | |||||
CVE-2017-18199 | 1 Gnu | 1 Libcdio | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | |||||
CVE-2018-10372 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. | |||||
CVE-2018-12934 | 1 Gnu | 1 Binutils | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. | |||||
CVE-2018-7570 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. | |||||
CVE-2018-13033 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. | |||||
CVE-2014-5044 | 1 Gnu | 1 Libgfortran | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. | |||||
CVE-2018-12697 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | |||||
CVE-2017-18198 | 1 Gnu | 1 Libcdio | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | |||||
CVE-2017-1000408 | 1 Gnu | 1 Glibc | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. |