Docker golang:stretch

Overview

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

References

• Debian Security Announcement
• Debian Security Tracker
• MLIST
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker

Overview

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

References

• Apache Security Advisory
• CONFIRM
• CONFIRM
• Debian Security Announcement
• Debian Security Tracker
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker

Overview

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

References

• Debian Bug Report
• Debian Security Tracker
• MISC
• MISC
• MISC
• MISC
• RedHat CVE Database

Overview

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

References

• CONFIRM
• Debian Security Tracker
• GitHub Commit
• MISC
• MISC
• MLIST
• Ubuntu CVE Tracker

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

References

• CONFIRM
• Debian Security Tracker
• MISC
• Netapp Security Advisory
• UBUNTU
• Ubuntu CVE Tracker

Overview

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Security Focus
• Ubuntu CVE Tracker

Overview

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

References

• Debian Security Tracker
• MISC
• Ubuntu CVE Tracker

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• Security Focus
• Ubuntu CVE Tracker

Overview

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to CVE-2021-20197.

Remediation

There is no fixed version for binutils.

References

• ADVISORY

Overview

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.

References

• Debian Security Tracker
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/
• https://sourceware.org/bugzilla/show_bug.cgi?id=22186
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48

Overview

Affected versions of this package are vulnerable to Double Free. A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• MISC
• MISC

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• FEDORA
• MISC

Overview

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

References

• Debian Security Tracker
• Security Focus
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54

Overview

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

References

• ADVISORY
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• REDHAT
• RHSA Security Advisory
• UBUNTU
• Ubuntu CVE Tracker

Overview

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

References

• CONFIRM
• Debian Security Tracker
• MISC
• Netapp Security Advisory
• Ubuntu CVE Tracker

Overview

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Security Focus

Overview

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf

Overview

The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

References

• CVE Details
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Netapp Security Advisory
• SUSE
• SUSE
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• Ubuntu CVE Tracker

Overview

coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• Ubuntu CVE Tracker

Overview

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

References

• Debian Security Tracker
• MISC
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Security Focus
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• Ubuntu CVE Tracker

Overview

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

References

• Debian Security Tracker
• GENTOO
• MISC
• Netapp Security Advisory
• SUSE
• SUSE
• UBUNTU
• Ubuntu CVE Tracker

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

References

• Debian Security Tracker
• GENTOO
• MISC
• MISC
• Netapp Security Advisory
• SUSE
• SUSE
• UBUNTU
• Ubuntu CVE Tracker

Overview

A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• MISC
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

References

• Debian Security Tracker
• MISC
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

References

• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus

Overview

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Ubuntu CVE Tracker

Overview

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

References

• Debian Security Tracker
• MISC
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Ubuntu CVE Tracker

Overview

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

References

• CONFIRM
• CVE Details
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Netapp Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

References

• CONFIRM
• Debian Security Tracker

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• MISC
• MISC

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• MISC
• MISC

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• FEDORA
• FEDORA
• MISC
• MISC

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• FEDORA
• MISC

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• FEDORA
• MISC

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

Remediation

There is no fixed version for binutils.

References

• ADVISORY
• CONFIRM
• MISC

Overview

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf

Overview

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• Netapp Security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

References

• Debian Security Tracker
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/
• https://sourceware.org/bugzilla/show_bug.cgi?id=22166
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe

Overview

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.

References

• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• SUSE
• SUSE
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• Netapp Security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

References

• Debian Security Tracker
• MISC
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.

References

• Debian Security Tracker
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/
• https://sourceware.org/bugzilla/show_bug.cgi?id=22201
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8

Overview

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
• https://sourceware.org/bugzilla/show_bug.cgi?id=22200
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf

Overview

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• MISC
• RHSA Security Advisory
• Security Focus
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21576

Overview

opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21588

Overview

The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.

References

• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21580

Overview

bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution.

References

• Debian Security Tracker
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21589

Overview

The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

References

• Debian Security Tracker
• Exploit DB
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21581

Overview

The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

References

• Debian Security Tracker
• Exploit DB
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21582

Overview

The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21579

Overview

The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21595

Overview

opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21587

Overview

The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21578

Overview

opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21594

Overview

The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21591

Overview

The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21591

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

References

• BUGTRAQ
• Debian Security Tracker
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• UBUNTU
• Ubuntu CVE Tracker

Overview

The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Gentoo Security Advisory
• Ubuntu CVE Tracker

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

References

• Debian Security Tracker
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• UBUNTU
• Ubuntu CVE Tracker

Overview

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
• https://sourceware.org/bugzilla/show_bug.cgi?id=22209
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a

Overview

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=22361
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b

Overview

The regs macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21586

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.

References

• Debian Security Tracker
• MISC
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

• Debian Security Tracker
• Gentoo Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• https://sourceware.org/bugzilla/show_bug.cgi?id=21577