VulnerableCode Package Details - pkg:deb/ubuntu/binutils@2.34-6ubuntu1

Search for packages

Vulnerability	Summary	Fixed by
VCID-565w-hvaz-aaag Aliases: CVE-2018-20673	The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.	2.34-6ubuntu1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-eb7h-p6z2-aaan Aliases: CVE-2020-16592	A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.	2.34-6ubuntu1.3 Affected by 0 other vulnerabilities.
VCID-r4yx-jctz-aaan Aliases: CVE-2021-3487	Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt	2.34-6ubuntu1.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-565w-hvaz-aaag
Aliases:
CVE-2018-20673

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

2.34-6ubuntu1.1
Affected by 2 other vulnerabilities.

VCID-eb7h-p6z2-aaan
Aliases:
CVE-2020-16592

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

2.34-6ubuntu1.3
Affected by 0 other vulnerabilities.

VCID-r4yx-jctz-aaan
Aliases:
CVE-2021-3487

Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

2.34-6ubuntu1.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4mae-qgmv-aaad	There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.	CVE-2020-35495
VCID-bnd7-s557-aaam	There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.	CVE-2020-35496
VCID-nnxe-6dsq-aaaa	There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.	CVE-2020-35494
VCID-prnn-s8nt-aaae	A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.	CVE-2020-35493
VCID-ujyd-g3vb-aaad	There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.	CVE-2020-35507

Vulnerability

Summary

Aliases

VCID-4mae-qgmv-aaad

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2020-35495

VCID-bnd7-s557-aaam

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2020-35496

VCID-nnxe-6dsq-aaaa

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

CVE-2020-35494

VCID-prnn-s8nt-aaae

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2020-35493

VCID-ujyd-g3vb-aaad

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

CVE-2020-35507

Next non-vulnerable version	2.34-6ubuntu1.3
Latest non-vulnerable version	2.34-6ubuntu1.3
Risk	3.2