ALT-PU-2023-5880-3 — arm-none-eabi-binutils

BDU:2025-03957

MEDIUM4.7

Уязвимость функции bfd_mach_o_get_synthetic_symtab() компонента bfd/mach-o.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-04-09Modified: 2025-10-06

CVSS 3.xMEDIUM 4.7

CVSS:3.x/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:N/A:C

References

CVE-2023-25588

BDU:2025-12518

MEDIUM4.7

Уязвимость модуля struct программного средства разработки GNU Binutils, связанная с ошибками при инициализации переменных, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-10-06Modified: 2025-10-29

CVSS 3.xMEDIUM 4.7

CVSS:3.x/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:N/A:C

References

CVE-2023-25585

BDU:2026-01797

MEDIUM6.5

Уязвимость функции _bfd_elf_slurp_version_tables() компонента bfd/elf.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-16Modified: 2026-03-04

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-1972

CVE-2023-1972

MEDIUM6.5

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Published: 2023-05-17Modified: 2025-01-22

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2023-25585

MEDIUM5.5

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Published: 2023-09-14Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2023-25586

MEDIUM5.5

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

Published: 2023-09-14Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2023-25588

MEDIUM5.5

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

Published: 2023-09-14Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Package update arm-none-eabi-binutils in branch sisyphus

Closed issues (7)

Уязвимость функции bfd_mach_o_get_synthetic_symtab() компонента bfd/mach-o.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции _bfd_elf_slurp_version_tables() компонента bfd/elf.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.