
Debian Binutils vulnerabilities

285 known vulnerabilities affecting debian/binutils.

Total CVEs: 285
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 40, MEDIUM 23, LOW 219

Vulnerabilities

Page 5 of 15
CVE-2021-3826 | LOW | CVSS 6.5 | fixed in binutils 2.37.50.20220121-1 (bookworm) | 2021
[MEDIUM] binutils - Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
Scope: local; bookworm: resolved (fixed in 2.37.50.20220121-1); bullseye: open; forky: resolved (fixed in 2.37.50.20220121-1); sid: resolved (fixed in 2.37.50.20220121-
CVE-2021-46195 | LOW | CVSS 5.5 | fixed in binutils 2.37.90.20220207-1 (bookworm) | 2021
[MEDIUM] binutils - GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
Scope: local; bookworm: resolved (fixed in 2.37.90.20220207-1); bullseye: open; forky: resolved (fixed in 2.37.90.20220207-1); sid: resolved (
CVE-2021-20284 | LOW | CVSS 5.5 | fixed in binutils 2.37-3 (bookworm) | 2021
[MEDIUM] binutils - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
Scope: local; bookworm: resolved (fixed in 2.37-3); bullseye: open; forky: resolved (fixed in 2.37-3); sid:
CVE-2021-3530 | LOW | CVSS 7.5 | fixed in binutils 2.37.90.20220207-1 (bookworm) | 2021
[HIGH] binutils - A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Scope: local; bookworm: resolved (fixed in 2.37.90.20220207-1); bullseye: open; forky: resolved (fixed in 2.37.90.20220207-1); sid: resolved (fixed in 2.37.90.20220207-1)
CVE-2020-16591 | LOW | CVSS 5.5 | fixed in binutils 2.35-1 (bookworm) | 2020
[MEDIUM] binutils - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf.
Scope: local; bookworm: resolved (fixed in 2.35-1); bullseye: resolved (fixed in 2.35-1); forky: resolved (fixed in 2.35-1); sid: resolved (fixed in 2.35-1); trixie: resolved (fixed in 2.35-1)
CVE-2020-35493 | LOW | CVSS 5.5 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[MEDIUM] binutils - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
Scope: local; bookworm: resolved (fixed in 2.33.50.20200107-1); bullseye: resolved (
CVE-2020-16599 | LOW | CVSS 5.5 | fixed in binutils 2.35-1 (bookworm) | 2020
[MEDIUM] binutils - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
Scope: local; bookworm: resolved (fixed in 2.35-1); bullseye: resolved (fixed in 2.35-1); forky: resolve
CVE-2020-16592 | LOW | CVSS 5.5 | fixed in binutils 2.35-1 (bookworm) | 2020
[MEDIUM] binutils - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
Scope: local; bookworm: resolved (fixed in 2.35-1); bullseye: resolved (fixed in 2.35-1); forky: resolved (fixed in 2.35-1); sid: resolved (fixed in 2.35-1); tr
CVE-2020-16593 | LOW | CVSS 5.5 | fixed in binutils 2.35-1 (bookworm) | 2020
[MEDIUM] binutils - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
Scope: local; bookworm: resolved (fixed in 2.35-1); bullseye: resolved (fixed in 2.35-1); forky: resolved (fixed i
CVE-2020-21490 | LOW | CVSS 5.5 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[MEDIUM] binutils - An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
Scope: local; bookworm: resolved (fixed in 2.33.50.20200107-1); bullseye: resolved (fixed in 2.33.50.20200107-1); forky: resolved (fixed in 2.33.50.20200107-1); sid: resolved (fixed in 2.33.50.20200107-1); trixie: res
CVE-2020-16590 | LOW | CVSS 5.5 | fixed in binutils 2.35-1 (bookworm) | 2020
[MEDIUM] binutils - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
Scope: local; bookworm: resolved (fixed in 2.35-1); bullseye: resolved (fixed in 2.35-1); forky: resolved (fixed in 2.35-1); sid: resolved (fixed in 2.35-1); trixie: resolved (fixed in 2.3
CVE-2020-35495 | LOW | CVSS 5.5 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[MEDIUM] binutils - There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
Scope: local; bookworm: resolved (fixed in 2.33.50.20200107-1); bullseye: re
CVE-2020-35342 | LOW | CVSS 7.5 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[HIGH] binutils - GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
Scope: local; bookworm: resolved (fixed in 2.33.50.20200107-1); bullseye: resolved (fixed in 2.33.50.20200107-1); forky: resolved (fixed in 2.33.50.20200107-1); sid: resolved (fixed in 2.33.50.
CVE-2020-19726 | LOW | CVSS 8.8 | fixed in binutils 2.37-3 (bookworm) | 2020
[HIGH] binutils - An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
Scope: local; bookworm: resolved (fixed in 2.37-3); bullseye: open; forky: resolved (fixed in 2.37-3); sid: resolved (fixed in 2.37-3); trixie: resolved (fixed in 2.37-3)
CVE-2020-35448 | LOW | CVSS 3.3 | fixed in binutils 2.37-3 (bookworm) | 2020
[LOW] binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
Scope: local; bookworm: resolved (fixed in 2.37-3); bullseye: open; forky: resolved (fix
CVE-2020-19724 | LOW | CVSS 5.5 | fixed in binutils 2.33.50.20200114-1 (bookworm) | 2020
[MEDIUM] binutils - A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
Scope: local; bookworm: resolved (fixed in 2.33.50.20200114-1); bullseye: resolved (fixed in 2.33.50.20200114-1); forky: resolved (fixed in 2.33.50.20200114-1); sid: resolved (fixed in 2.33.50.20200114-1); trixie: re
CVE-2020-35496 | LOW | CVSS 5.5 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[MEDIUM] binutils - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
Scope: local; bookworm: resolved (fixed in 2.33
CVE-2020-35494 | LOW | CVSS 6.1 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[MEDIUM] binutils - There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
Scope: local; bookworm: resolved (fixed in 2.
CVE-2020-35507 | LOW | CVSS 5.5 | fixed in binutils 2.33.50.20200107-1 (bookworm) | 2020
[MEDIUM] binutils - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
Scope: local; bookworm: resolved (fixed in 2.33.50.20200107-1); bullseye:
CVE-2019-1010204 | LOW | CVSS 5.5 | fixed in binutils 2.38.50.20220627-1 (bookworm) | 2019
[MEDIUM] binutils - GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
Scope: local; bookwo