binutils

Description: A set of programs to assemble and manipulate binary and object files
Version: 2.31.1-3 [core]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-538 | 2.29.1-3 | | High | Vulnerable | |
| AVG-435 | 2.29.1-3 | | High | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-17126 | AVG-538 | High | Yes | Denial of service | The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and... |
| CVE-2017-17125 | AVG-538 | Medium | Yes | Denial of service | nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service... |
| CVE-2017-17124 | AVG-538 | High | Yes | Arbitrary code execution | The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does... |
| CVE-2017-17123 | AVG-538 | Medium | Yes | Denial of service | The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows... |
| CVE-2017-17122 | AVG-538 | High | Yes | Arbitrary code execution | The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to... |
| CVE-2017-15996 | AVG-435 | High | No | Arbitrary code execution | elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified... |
| CVE-2017-15025 | AVG-435 | Medium | Yes | Denial of service | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause... |
| CVE-2017-15024 | AVG-435 | Medium | Yes | Denial of service | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote... |
| CVE-2017-15023 | AVG-435 | Medium | Yes | Denial of service | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate... |
| CVE-2017-15022 | AVG-435 | Medium | Yes | Denial of service | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which... |
| CVE-2017-15021 | AVG-435 | Medium | Yes | Denial of service | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers... |
| CVE-2017-15020 | AVG-435 | Medium | Yes | Arbitrary code execution | dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-276 | 2.28.0-4 | 2.29.0-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-9044 | AVG-276 | Medium | No | Denial of service | The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows attackers to cause a denial of service (invalid read and SEGV)... |
| CVE-2017-9043 | AVG-276 | Medium | No | Denial of service | It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow attackers... |
| CVE-2017-9042 | AVG-276 | Medium | No | Denial of service | It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow attackers to cause a... |
| CVE-2017-9041 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2.28 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS... |
| CVE-2017-9040 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2017-04-03 allows attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific... |
| CVE-2017-9039 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2.28 allows attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the... |
| CVE-2017-9038 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related... |
| CVE-2017-7210 | AVG-276 | Medium | No | Denial of service | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in... |
| CVE-2017-7209 | AVG-276 | Medium | No | Denial of service | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a... |
| CVE-2017-6969 | AVG-276 | Medium | No | Denial of service | It has been discovered that readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. |
| CVE-2017-6966 | AVG-276 | High | No | Arbitrary code execution | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary.... |
| CVE-2017-6965 | AVG-276 | High | No | Arbitrary code execution | A vulnerability was found in the readelf utility; part of binutils. A crafted ELF executable or shared library could cause readelf to write arbitrary... |