ALT-PU-2024-1491-1

BDU:2022-00594

HIGH7.5

Уязвимость функции stab_xcoff_builtin_type (stabs.c) набора инструментального программного обеспечения GNU Binary Utilities, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код

Published: 2022-02-04Modified: 2025-10-14

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2021-45078

BDU:2023-05785

MEDIUM5.5

Уязвимость функции parse_stab_struct_fields программного средства разработки GNU Binutils, связанная с ошибкой освобождения памяти, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-09-19Modified: 2025-10-14

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2022-47011

BDU:2023-05788

HIGH7.1

Уязвимость функции avr_elf32_load_records_from_section() программного средства разработки GNU Binutils, связанная с записью за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-09-19

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVSS 2.0MEDIUM 6.6

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:C/A:C

References

CVE-2021-3549

BDU:2023-05851

HIGH8.8

Уязвимость функции bfd_getl32 (libbfd.c) программного средства разработки GNU Binutils, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании

Published: 2023-09-19Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2020-19726

BDU:2023-06829

MEDIUM5.5

Уязвимость функции stab_demangle_v3_arg (stabs.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-10-17Modified: 2026-01-20

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2022-47007

BDU:2023-06830

MEDIUM5.5

Уязвимость функций make_tempdir и make_tempname (bucomm.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-10-17Modified: 2025-10-14

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2022-47008

BDU:2023-06831

MEDIUM5.5

Уязвимость функции pr_function_type (prdbg.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-10-17Modified: 2025-10-14

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2022-47010

CVE-2020-19726

HIGH8.8

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

Published: 2023-08-22Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2021-32256

MEDIUM6.5

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Published: 2023-07-18Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2021-3530

HIGH7.5

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Published: 2021-06-02Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2021-3549

HIGH7.1

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Published: 2021-05-26Modified: 2025-02-28

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

References

CVE-2021-45078

HIGH7.8

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Published: 2021-12-15Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2021-46174

HIGH7.5

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Published: 2023-08-22Modified: 2024-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-47007

MEDIUM5.5

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Published: 2023-08-22Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2022-47008

MEDIUM5.5

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Published: 2023-08-22Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2022-47010

MEDIUM5.5

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Published: 2023-08-22Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2022-47011

MEDIUM5.5

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Published: 2023-08-22Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Package update binutils in branch sisyphus_e2k

Closed issues (17)

Уязвимость функции stab_demangle_v3_arg (stabs.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функций make_tempdir и make_tempname (bucomm.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции pr_function_type (prdbg.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.