CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked | 53,242 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,918 Nuclei templates | 37,802 vendors | 42,493 researchers
266 results
CVE-2021-46174 7.5 HIGH EPSS 0.00
Binutils objdump <3.37 - Buffer Overflow
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
CWE-787 Aug 22, 2023
CVE-2020-35342 7.5 HIGH EPSS 0.00
GNU Binutils < 2.34 - Information Disclosure
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
CWE-665 Aug 22, 2023
CVE-2020-21490 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - Memory Leak
An issue was discovered in GNU Binutils 2.34: a memory leak in microblaze-dis.c that consumes memory on each insn disassembled.
CWE-401 Aug 22, 2023
CVE-2020-19726 8.8 HIGH EPSS 0.00
GNU Binutils - Denial of Service
An issue in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
CWE-400 Aug 22, 2023
CVE-2020-19724 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - Memory Leak
A memory consumption issue in the get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via a crafted command.
CWE-401 Aug 22, 2023
CVE-2021-32256 6.5 MEDIUM EPSS 0.00
GNU Binutils - Out-of-Bounds Write
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
CWE-787 Jul 18, 2023
CVE-2023-1972 6.5 MEDIUM EPSS 0.00
_bfd_elf_slurp_version_tables - Buffer Overflow
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CWE-119 May 17, 2023
CVE-2023-1579 7.8 HIGH EPSS 0.00
binutils-gdb <unknown> - Buffer Overflow
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CWE-119 Apr 03, 2023
CVE-2022-4285 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.39-7 - NULL Pointer Dereference
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CWE-476 Jan 27, 2023
CVE-2022-38533 5.5 MEDIUM EPSS 0.00
GNU Binutils <2.40 - Buffer Overflow
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
CWE-787 Aug 26, 2022
CVE-2021-45078 7.8 HIGH EPSS 0.00
GNU Binutils < 2.37 - Out-of-Bounds Write
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
CWE-787 Dec 15, 2021
CVE-2021-37322 7.8 HIGH EPSS 0.00
GNU Binutils < 2.32 - Use After Free
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CWE-416 Nov 18, 2021
CVE-2021-3530 7.5 HIGH EPSS 0.00
GNU Binutils <2.36 - Memory Corruption
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
CWE-674 Jun 02, 2021
CVE-2021-3549 7.1 HIGH EPSS 0.00
GNU binutils objdump <2.36 - Buffer Overflow
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
CWE-119 May 26, 2021
CVE-2021-20294 7.8 HIGH 1 PoC Analysis EPSS 0.16
GNU Binutils < 2.35.2 - Out-of-Bounds Write
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
CWE-787 Apr 29, 2021
CVE-2021-20284 5.5 MEDIUM EPSS 0.00
GNU Binutils - Out-of-Bounds Write
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CWE-119 Mar 26, 2021
CVE-2021-20197 6.3 MEDIUM EPSS 0.00
GNU Binutils < 2.35 - Race Condition
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CWE-362 Mar 26, 2021
CVE-2020-35507 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - NULL Pointer Dereference
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CWE-476 Jan 04, 2021
CVE-2020-35496 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - NULL Pointer Dereference
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CWE-476 Jan 04, 2021
CVE-2020-35495 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - NULL Pointer Dereference
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CWE-476 Jan 04, 2021