Debian Binutils vulnerabilities
285 known vulnerabilities affecting debian/binutils.
Total CVEs
285
CISA KEV
0
Public exploits
12
Exploited in wild
0
Severity breakdown
CRITICAL 3 | HIGH 40 | MEDIUM 23 | LOW 219
Vulnerabilities
CVE-2018-18483 | LOW | CVSS 7.8 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-18483 [HIGH] CVE-2018-18483: binutils - The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Bi...
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-
debian
CVE-2018-1000876 | LOW | CVSS 7.8 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-1000876 [HIGH] CVE-2018-1000876: binutils - binutils version 2.32 and earlier contains an Integer Overflow vulnerability in o...
binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fi
debian
CVE-2018-8945 | LOW | CVSS 5.5 | fixed in binutils 2.30.90.20180627-1 (bookworm) | 2018
CVE-2018-8945 [MEDIUM] CVE-2018-8945: binutils - The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) ...
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
Scope: local
bookworm: resolved (fixed in 2.30.90.20180627-1)
bullseye: resolved (fixed in 2.30.90.20180627-1)
forky: resol
debian
CVE-2018-18700 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-18700 [MEDIUM] CVE-2018-18700: binutils - An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU...
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated b
debian
CVE-2018-17359 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-17359 [MEDIUM] CVE-2018-17359: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-1)
bullseye
debian
CVE-2018-9138 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-9138 [MEDIUM] CVE-2018-9138: binutils - An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU B...
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-1)
bullseye: resolved (fixed i
debian
CVE-2018-20002 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-20002 [MEDIUM] CVE-2018-20002: binutils - The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descript...
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-1)
bullseye: resolved (fixed in 2.32.51.
debian
CVE-2018-18606 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-18606 [MEDIUM] CVE-2018-18606: binutils - An issue was discovered in the merge_strings function in merge.c in the Binary F...
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demon
debian
CVE-2018-18309 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-18309 [MEDIUM] CVE-2018-18309: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_conten
debian
CVE-2018-18484 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-18484 [MEDIUM] CVE-2018-18484: binutils - An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU...
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190
debian
CVE-2018-13033 | LOW | CVSS 5.5 | fixed in binutils 2.30.90.20180627-1 (bookworm) | 2018
CVE-2018-13033 [MEDIUM] CVE-2018-13033: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin...
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
Scope: local
book
debian
CVE-2018-20623 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-20623 [MEDIUM] CVE-2018-20623: binutils - In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfco...
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-1)
bullseye: resolved (fixed in 2.32.51.20190707-1)
forky: resolved (fixed in 2.32.51.20190707-1)
sid: resolved (fixed in 2.32.51.20190707
debian
CVE-2018-19932 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-19932 [MEDIUM] CVE-2018-19932: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-1)
bullseye: resolved (fixed in 2.32.51.20190707-1)
forky: resolved (fixed in 2.32
debian
CVE-2018-18701 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-18701 [MEDIUM] CVE-2018-18701: binutils - An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU...
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrate
debian
CVE-2018-20671 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-20671 [MEDIUM] CVE-2018-20671: binutils - load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains...
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
Scope: local
bookworm: resolved (fixed in 2.32.51.20190707-1)
bullseye: resolved (fixed in 2.32.51.20190707-1)
forky: resolved (fixed in 2.32.51.20190707-1)
sid: resolved (fixe
debian
CVE-2018-17358 | LOW | CVSS 5.5 | fixed in binutils 2.32.51.20190707-1 (bookworm) | 2018
CVE-2018-17358 [MEDIUM] CVE-2018-17358: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
Scope: local
bookworm: resolved (fixed in 2.32.
debian
CVE-2017-7226 | CRITICAL | CVSS 9.1 | fixed in binutils 2.27.51.20161212-1 (bookworm) | 2017
CVE-2017-7226 [CRITICAL] CVE-2017-7226: binutils - The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka li...
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure
debian
CVE-2017-6969 | CRITICAL | CVSS 9.1 | fixed in binutils 2.28-3 (bookworm) | 2017
CVE-2017-6969 [CRITICAL] CVE-2017-6969: binutils - readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read whil...
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.
Scope: local
bookworm: resolved (fixed in 2.28-3)
bullseye: resolved (fixed in 2.28-3)
forky: resolved (fixed in 2.28-3)
sid: resolved (fixed in 2.28-3)
trixi
debian
CVE-2017-14729 | HIGH | CVSS 7.8 | fixed in binutils 2.29.1-2 (bookworm) | 2017
CVE-2017-14729 [HIGH] CVE-2017-14729: binutils - The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library...
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to e
debian
CVE-2017-14333 | HIGH | CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
CVE-2017-14333 [HIGH] CVE-2017-14333: binutils - The process_version_sections function in readelf.c in GNU Binutils 2.29 allows a...
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bu
debian