Gnu Binutils vulnerabilities

CVE-2021-46195 [MEDIUM] CVE-2021-46195: GCC v12 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

CVE-2021-45078 [HIGH] CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial o stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

CVE-2021-37322 [HIGH] CWE-416 CVE-2021-37322: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-d GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

CVE-2021-3530 [HIGH] CWE-674 CVE-2021-3530: A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

CVE-2021-3549 [HIGH] CWE-119 CVE-2021-3549: An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

CVE-2021-20294 [HIGH] CWE-787 CVE-2021-20294: A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim usin A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

CVE-2021-20197 [MEDIUM] CWE-59 CVE-2021-20197: There is an open race window when writing output in the following utilities in GNU binutils version There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary

CVE-2021-20284 [MEDIUM] CWE-119 CVE-2021-20284: A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slu A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

CVE-2020-35496 [MEDIUM] CWE-476 CVE-2020-35496: There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacke There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2020-35507 [MEDIUM] CWE-476 CVE-2020-35507: There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 wh There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

CVE-2020-35493 [MEDIUM] CWE-20 CVE-2020-35493: A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be p A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2020-35495 [MEDIUM] CWE-476 CVE-2020-35495: There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2020-35494 [MEDIUM] CWE-908 CVE-2020-35494: There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input f There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

CVE-2020-35448 [LOW] CWE-125 CVE-2020-35448: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

CVE-2020-16593 [MEDIUM] CWE-476 CVE-2020-16593: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka lib A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

CVE-2020-16599 [MEDIUM] CWE-476 CVE-2020-16599: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka lib A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVE-2020-16592 [MEDIUM] CWE-416 CVE-2020-16592: A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binuti A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVE-2020-16591 [MEDIUM] CWE-125 CVE-2020-16591: A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 du A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

CVE-2020-16590 [MEDIUM] CWE-415 CVE-2020-16590: A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

CVE-2019-17450 [MEDIUM] CWE-674 CVE-2019-17450: find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.