GNU Binutils 2.32

CPE Details

GNU Binutils 2.32
gnu
binutils
2.32
2019-05-09
15h39 +00:00
2022-08-03
14h05 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

binutils

Version

2.32

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-0840 2025-01-29 20h00 +00:00 A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.
6.3
Medium
CVE-2023-25584 2023-09-14 20h50 +00:00 An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
7.1
High
CVE-2020-19724 2023-08-21 22h00 +00:00 A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
5.5
Medium
CVE-2020-21490 2023-08-21 22h00 +00:00 An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
5.5
Medium
CVE-2020-35342 2023-08-21 22h00 +00:00 GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
7.5
High
CVE-2021-46174 2023-08-21 22h00 +00:00 Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
7.5
High
CVE-2022-44840 2023-08-21 22h00 +00:00 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
7.8
High
CVE-2022-45703 2023-08-21 22h00 +00:00 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
7.8
High
CVE-2022-47673 2023-08-21 22h00 +00:00 An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
7.8
High
CVE-2022-47695 2023-08-21 22h00 +00:00 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
7.8
High
CVE-2022-47696 2023-08-21 22h00 +00:00 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
7.8
High
CVE-2022-48063 2023-08-21 22h00 +00:00 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
5.5
Medium
CVE-2022-48064 2023-08-21 22h00 +00:00 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
5.5
Medium
CVE-2022-48065 2023-08-21 22h00 +00:00 GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
5.5
Medium
CVE-2022-38533 2022-08-24 22h00 +00:00 In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
5.5
Medium
CVE-2021-45078 2021-12-15 18h37 +00:00 stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
7.8
High
CVE-2021-20197 2021-03-26 15h47 +00:00 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
6.3
Medium
CVE-2020-35507 2021-01-04 13h24 +00:00 There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
5.5
Medium
CVE-2020-35496 2021-01-04 13h24 +00:00 There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
5.5
Medium
CVE-2020-35495 2021-01-04 13h23 +00:00 There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
5.5
Medium
CVE-2020-35494 2021-01-04 13h23 +00:00 There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
6.1
Medium
CVE-2020-35493 2021-01-04 13h22 +00:00 A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
5.5
Medium
CVE-2019-17450 2019-10-10 14h21 +00:00 find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
6.5
Medium
CVE-2019-17451 2019-10-10 14h20 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
6.5
Medium
CVE-2019-14444 2019-07-30 10h05 +00:00 apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
5.5
Medium
CVE-2019-14250 2019-07-24 01h30 +00:00 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
5.5
Medium
CVE-2019-12972 2019-06-26 11h27 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
5.5
Medium
CVE-2019-9070 2019-02-23 23h00 +00:00 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
7.8
High
CVE-2019-9071 2019-02-23 23h00 +00:00 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
5.5
Medium
CVE-2019-9072 2019-02-23 23h00 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.
5.5
Medium
CVE-2019-9073 2019-02-23 23h00 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
5.5
Medium
CVE-2019-9074 2019-02-23 23h00 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
5.5
Medium
CVE-2019-9075 2019-02-23 23h00 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
7.8
High
CVE-2019-9076 2019-02-23 23h00 +00:00 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
5.5
Medium
CVE-2019-9077 2019-02-23 23h00 +00:00 An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
7.8
High