Gnu Binutils vulnerabilities
285 known vulnerabilities affecting gnu/binutils.
Total CVEs
285
CISA KEV
0
Public exploits
12
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH112MEDIUM153LOW15
Vulnerabilities
Page 4 of 15
CVE-2022-47011MEDIUMCVSS 5.5≥ 2.34, ≤ 2.382023-08-22
CVE-2022-47011 [MEDIUM] CWE-401 CVE-2022-47011: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, all
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
nvdosv
CVE-2020-19724MEDIUMCVSS 5.5fixed in 2.342023-08-22
CVE-2020-19724 [MEDIUM] CWE-401 CVE-2020-19724: A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attack
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
nvdosv
CVE-2022-47008MEDIUMCVSS 5.5≥ 2.34, ≤ 2.382023-08-22
CVE-2022-47008 [MEDIUM] CWE-401 CVE-2022-47008: An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
nvdosv
CVE-2022-35206MEDIUMCVSS 5.5v2.38.502023-08-22
CVE-2022-35206 [MEDIUM] CWE-476 CVE-2022-35206: Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_att
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
nvdosv
CVE-2022-47007MEDIUMCVSS 5.5≥ 2.34, ≤ 2.382023-08-22
CVE-2022-47007 [MEDIUM] CWE-401 CVE-2022-47007: An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
nvdosv
CVE-2022-35205MEDIUMCVSS 5.5v2.38.502023-08-22
CVE-2022-35205 [MEDIUM] CWE-617 CVE-2022-35205: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
nvdosv
CVE-2022-48064MEDIUMCVSS 5.5fixed in 2.402023-08-22
CVE-2022-48064 [MEDIUM] CWE-770 CVE-2022-48064: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
nvdosv
CVE-2020-21490MEDIUMCVSS 5.5fixed in 2.342023-08-22
CVE-2020-21490 [MEDIUM] CWE-401 CVE-2020-21490: An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. Thi
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
nvdosv
CVE-2022-47010MEDIUMCVSS 5.5≥ 2.34, ≤ 2.382023-08-22
CVE-2022-47010 [MEDIUM] CWE-401 CVE-2022-47010: An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows atta
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
nvdosv
CVE-2022-48063MEDIUMCVSS 5.5fixed in 2.402023-08-22
CVE-2022-48063 [MEDIUM] CWE-400 CVE-2022-48063: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
nvdosv
CVE-2022-48065MEDIUMCVSS 5.5fixed in 2.402023-08-22
CVE-2022-48065 [MEDIUM] CWE-401 CVE-2022-48065: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
nvdosv
CVE-2021-32256MEDIUMCVSS 6.5v2.362023-07-18
CVE-2021-32256 [MEDIUM] CWE-787 CVE-2021-32256: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflo
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
nvd
CVE-2023-1972MEDIUMCVSS 6.5≥ 2.35, ≤ 2.40vaffected at least binutils 2.402023-05-17
CVE-2023-1972 [MEDIUM] CWE-119 CVE-2023-1972: A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. Th
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
cvelistv5nvdosv
CVE-2023-1579HIGHCVSS 7.8v2.39vunknown2023-04-03
CVE-2023-1579 [HIGH] CWE-119 CVE-2023-1579: Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
cvelistv5nvdosv
CVE-2022-4285MEDIUMCVSS 5.5≥ 2.35, < 2.39-72023-01-27
CVE-2022-4285 [MEDIUM] CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corr
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
cvelistv5nvdosv
CVE-2021-3826MEDIUMCVSS 6.5≥ 0, < 2.37.50.20220121-12022-09-01
CVE-2021-3826 [MEDIUM] CVE-2021-3826: Heap/stack buffer overflow in the dlang_lname function in d-demangle
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
osv
CVE-2022-38533MEDIUMCVSS 5.5≤ 2.392022-08-26
CVE-2022-38533 [MEDIUM] CWE-787 CVE-2022-38533: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when c
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
nvdosv
CVE-2021-46195MEDIUMCVSS 5.5≥ 0, < 2.37.90.20220207-12022-01-14
CVE-2021-46195 [MEDIUM] CVE-2021-46195: GCC v12
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
osv
CVE-2021-45078HIGHCVSS 7.8≤ 2.372021-12-15
CVE-2021-45078 [HIGH] CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial o
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
nvdosv
CVE-2021-37322HIGHCVSS 7.8fixed in 2.322021-11-18
CVE-2021-37322 [HIGH] CWE-416 CVE-2021-37322: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-d
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
nvdosv