gdbgdb-9.2: 29 vulnerabilities (highest severity is: 9.8) #7
Description
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Vulnerable Source Files (1)
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (gdbgdb version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-45853 |  Critical |
9.8 | gdbgdb-9.2 | Direct | v1.3.1 | ❌ |
| CVE-2024-53589 |  High |
8.4 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2022-47673 | High |
7.8 | gdbgdb-9.2 | Direct | binutils-2_40 | ❌ |
| CVE-2019-9924 | High |
7.8 | detected in multiple dependencies | Direct | readline - 7.0 | ❌ |
| CVE-2021-3530 | High |
7.5 | gdbgdb-9.2 | Direct | binutils - 2.35,2.36 | ❌ |
| CVE-2020-35342 | High |
7.5 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2016-6131 | High |
7.5 | gdbgdb-9.2 | Direct | ht - 2.1.0+repack1-2,2.1.0+repack1-2,2.1.0+repack1-2,2.1.0+repack1-2;binutils - 2.27.51.20161102-1,2.27.51.20161102-1,2.27.51.20161102-1,2.27.51.20161102-1 | ❌ |
| CVE-2021-3826 |  Medium |
6.5 | gdbgdb-9.2 | Direct | basepoints/gcc-13,releases/gcc-12.1.0 | ❌ |
| CVE-2021-32256 | Medium |
6.5 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2023-25584 | Medium |
6.3 | gdbgdb-9.2 | Direct | binutils-2_40 | ❌ |
| CVE-2021-20197 | Medium |
6.3 | gdbgdb-9.2 | Direct | 2_36 | ❌ |
| CVE-2020-35494 | Medium |
6.1 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2023-39130 | Medium |
5.5 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2023-39129 | Medium |
5.5 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2020-35507 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2020-35496 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2020-35495 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2020-35493 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2020-21490 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils-2_34 | ❌ |
| CVE-2019-9074 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils-2_33 | ❌ |
| CVE-2019-14250 | Medium |
5.5 | gdbgdb-9.2 | Direct | binutils - 2.33-1,2.33-1 | ❌ |
| CVE-2018-20673 | Medium |
5.5 | gdbgdb-9.2 | Direct | gcc-plugin-devel-debuginfo - 8.5.0-3,8.5.0-3;libquadmath-debuginfo - 8.5.0-3,8.5.0-3;libatomic-static - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-debuginfo - 8.5.0-3,8.5.0-3;libgomp-offload-nvptx-debuginfo - 8.5.0-3;gcc-debugsource - 8.5.0-3,8.5.0-3;libquadmath-devel - 8.5.0-3,8.5.0-3,8.5.0-3;libquadmath - 8.5.0-3,8.5.0-3,8.5.0-3;libgomp-debuginfo - 8.5.0-3,8.5.0-3;libstdc++-devel - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libstdc++-docs - 8.5.0-3,8.5.0-3,8.5.0-3;cpp-debuginfo - 8.5.0-3,8.5.0-3;libstdc++-debuginfo - 8.5.0-3,8.5.0-3;libatomic - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-gdb-plugin - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libstdc++ - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-c++-debuginfo - 8.5.0-3,8.5.0-3;libubsan-debuginfo - 8.5.0-3,8.5.0-3;libubsan - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;liblsan-debuginfo - 8.5.0-3;libatomic-debuginfo - 8.5.0-3,8.5.0-3;libgcc - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libitm - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-offload-nvptx - 8.5.0-3,8.5.0-3;libgcc-debuginfo - 8.5.0-3,8.5.0-3;gcc-gdb-plugin-debuginfo - 8.5.0-3,8.5.0-3;gcc-gfortran - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libgomp-offload-nvptx - 8.5.0-3,8.5.0-3;gcc-c++ - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libgfortran - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;cpp - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-gfortran-debuginfo - 8.5.0-3,8.5.0-3;gcc-offload-nvptx-debuginfo - 8.5.0-3;libitm-devel - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libitm-debuginfo - 8.5.0-3,8.5.0-3;libasan-debuginfo - 8.5.0-3,8.5.0-3;libtsan-debuginfo - 8.5.0-3;libasan - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libgfortran-debuginfo - 8.5.0-3,8.5.0-3;libgomp - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;liblsan - 8.5.0-3,8.5.0-3,8.5.0-3;libtsan - 8.5.0-3,8.5.0-3,8.5.0-3 | ❌ |
| CVE-2025-1179 | Medium |
5.0 | gdbgdb-9.2 | Direct | binutils-2_44 | ❌ |
| CVE-2023-25586 | Medium |
4.7 | gdbgdb-9.2 | Direct | binutils-2_40 | ❌ |
| CVE-2023-25585 | Medium |
4.7 | gdbgdb-9.2 | Direct | binutils-2_40 | ❌ |
| CVE-2025-1152 |  Low |
3.1 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2025-1151 | Low |
3.1 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2025-1150 | Low |
3.1 | gdbgdb-9.2 | Direct | N/A | ❌ |
| CVE-2025-1149 | Low |
3.1 | gdbgdb-9.2 | Direct | N/A | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Partial details (26 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2023-45853
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (3)
Vulnerability Details
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Publish Date: 2023-10-14
URL: CVE-2023-45853
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2023-45853
Release Date: 2023-10-14
Fix Resolution: v1.3.1
CVE-2024-53589
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.
Publish Date: 2024-12-05
URL: CVE-2024-53589
CVSS 3 Score Details (8.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVE-2022-47673
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Publish Date: 2023-08-22
URL: CVE-2022-47673
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-47673
Release Date: 2023-08-22
Fix Resolution: binutils-2_40
CVE-2019-9924
Vulnerable Libraries - gdbgdb-9.2, gdbgdb-9.2, gdbgdb-9.2
gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Vulnerable Source Files (5)
gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Vulnerable Source Files (5)
gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Vulnerable Source Files (5)
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerability Details
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Publish Date: 2019-03-22
URL: CVE-2019-9924
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-9924
Release Date: 2019-03-22
Fix Resolution: readline - 7.0
CVE-2021-3530
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Publish Date: 2021-06-02
URL: CVE-2021-3530
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3530
Release Date: 2021-06-02
Fix Resolution: binutils - 2.35,2.36
CVE-2020-35342
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
Publish Date: 2023-08-22
URL: CVE-2020-35342
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2020-35342
Release Date: 2023-08-22
Fix Resolution: binutils-2_34
CVE-2016-6131
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
Publish Date: 2017-02-07
URL: CVE-2016-6131
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-6131
Release Date: 2017-02-07
Fix Resolution: ht - 2.1.0+repack1-2,2.1.0+repack1-2,2.1.0+repack1-2,2.1.0+repack1-2;binutils - 2.27.51.20161102-1,2.27.51.20161102-1,2.27.51.20161102-1,2.27.51.20161102-1
CVE-2021-3826
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
Publish Date: 2022-09-01
URL: CVE-2021-3826
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987
Release Date: 2022-09-01
Fix Resolution: basepoints/gcc-13,releases/gcc-12.1.0
CVE-2021-32256
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
Publish Date: 2023-07-18
URL: CVE-2021-32256
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVE-2023-25584
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Publish Date: 2023-09-14
URL: CVE-2023-25584
CVSS 3 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2167467
Release Date: 2023-02-13
Fix Resolution: binutils-2_40
CVE-2021-20197
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Publish Date: 2021-03-26
URL: CVE-2021-20197
CVSS 3 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2021-03-26
Fix Resolution: 2_36
CVE-2020-35494
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
Publish Date: 2021-01-04
URL: CVE-2020-35494
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1911439
Release Date: 2021-01-04
Fix Resolution: binutils-2_34
CVE-2023-39130
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
Publish Date: 2023-07-25
URL: CVE-2023-39130
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVE-2023-39129
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
Publish Date: 2023-07-25
URL: CVE-2023-39129
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVE-2020-35507
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
Publish Date: 2021-01-04
URL: CVE-2020-35507
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1911691
Release Date: 2021-01-04
Fix Resolution: binutils-2_34
CVE-2020-35496
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
Publish Date: 2021-01-04
URL: CVE-2020-35496
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-35496
Release Date: 2021-01-04
Fix Resolution: binutils-2_34
CVE-2020-35495
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
Publish Date: 2021-01-04
URL: CVE-2020-35495
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-35495
Release Date: 2021-01-04
Fix Resolution: binutils-2_34
CVE-2020-35493
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
Publish Date: 2021-01-04
URL: CVE-2020-35493
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1911437
Release Date: 2021-01-04
Fix Resolution: binutils-2_34
CVE-2020-21490
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
Publish Date: 2023-08-22
URL: CVE-2020-21490
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2020-21490
Release Date: 2023-08-22
Fix Resolution: binutils-2_34
CVE-2019-9074
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
Publish Date: 2019-02-24
URL: CVE-2019-9074
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9074
Release Date: 2019-02-24
Fix Resolution: binutils-2_33
CVE-2019-14250
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
Publish Date: 2019-07-24
URL: CVE-2019-14250
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-14250
Release Date: 2020-11-02
Fix Resolution: binutils - 2.33-1,2.33-1
CVE-2018-20673
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
Publish Date: 2019-01-04
URL: CVE-2018-20673
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-20673
Release Date: 2019-01-04
Fix Resolution: gcc-plugin-devel-debuginfo - 8.5.0-3,8.5.0-3;libquadmath-debuginfo - 8.5.0-3,8.5.0-3;libatomic-static - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-debuginfo - 8.5.0-3,8.5.0-3;libgomp-offload-nvptx-debuginfo - 8.5.0-3;gcc-debugsource - 8.5.0-3,8.5.0-3;libquadmath-devel - 8.5.0-3,8.5.0-3,8.5.0-3;libquadmath - 8.5.0-3,8.5.0-3,8.5.0-3;libgomp-debuginfo - 8.5.0-3,8.5.0-3;libstdc++-devel - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libstdc++-docs - 8.5.0-3,8.5.0-3,8.5.0-3;cpp-debuginfo - 8.5.0-3,8.5.0-3;libstdc++-debuginfo - 8.5.0-3,8.5.0-3;libatomic - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-gdb-plugin - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libstdc++ - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-c++-debuginfo - 8.5.0-3,8.5.0-3;libubsan-debuginfo - 8.5.0-3,8.5.0-3;libubsan - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;liblsan-debuginfo - 8.5.0-3;libatomic-debuginfo - 8.5.0-3,8.5.0-3;libgcc - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libitm - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-offload-nvptx - 8.5.0-3,8.5.0-3;libgcc-debuginfo - 8.5.0-3,8.5.0-3;gcc-gdb-plugin-debuginfo - 8.5.0-3,8.5.0-3;gcc-gfortran - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libgomp-offload-nvptx - 8.5.0-3,8.5.0-3;gcc-c++ - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libgfortran - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;cpp - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;gcc-gfortran-debuginfo - 8.5.0-3,8.5.0-3;gcc-offload-nvptx-debuginfo - 8.5.0-3;libitm-devel - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libitm-debuginfo - 8.5.0-3,8.5.0-3;libasan-debuginfo - 8.5.0-3,8.5.0-3;libtsan-debuginfo - 8.5.0-3;libasan - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;libgfortran-debuginfo - 8.5.0-3,8.5.0-3;libgomp - 8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3,8.5.0-3;liblsan - 8.5.0-3,8.5.0-3,8.5.0-3;libtsan - 8.5.0-3,8.5.0-3,8.5.0-3
CVE-2025-1179
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".
Publish Date: 2025-02-11
URL: CVE-2025-1179
CVSS 3 Score Details (5.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1
Release Date: 2025-02-11
Fix Resolution: binutils-2_44
CVE-2023-25586
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Publish Date: 2023-09-14
URL: CVE-2023-25586
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2167502
Release Date: 2023-02-13
Fix Resolution: binutils-2_40
CVE-2023-25585
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Publish Date: 2023-09-14
URL: CVE-2023-25585
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2167498
Release Date: 2023-02-13
Fix Resolution: binutils-2_40
CVE-2025-1152
Vulnerable Library - gdbgdb-9.2
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/gdb?wsslib=gdb
Found in HEAD commit: a5282c23c8dfeb383a65fba63e7a78f59b9c1c60
Found in base branch: develop
Vulnerable Source Files (2)
Vulnerability Details
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
Publish Date: 2025-02-10
URL: CVE-2025-1152
CVSS 3 Score Details (3.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low