Latest Gnu Vulnerabilities

CVE-2024-0911
Indent: heap-based buffer overflow in set_buf_break()
GNU indent=2.2.13
CVE-2024-0684
Coreutils: heap overflow in split --line-bytes with very long lines
redhat/coreutils<9.2
GNU coreutils=9.2
GNU coreutils=9.3
GNU coreutils=9.4
CVE-2024-0567
Gnutls: rejects certificate chain with distributed trust
Gnu Gnutls<3.8.3
redhat/GnuTLS<3.8.3
ubuntu/gnutls28<3.7.3-4ubuntu1.4
ubuntu/gnutls28<3.7.8-5ubuntu1.2
ubuntu/gnutls28<3.8.1-4ubuntu1.2
ubuntu/gnutls28<3.8.3-1ubuntu1
and 2 more
CVE-2024-0553
Gnutls: incomplete fix for cve-2023-5981
Gnu Gnutls<3.8.3
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/gnutls<3.8.3
debian/gnutls28<=3.6.7-4+deb10u8<=3.7.1-5+deb11u4<=3.7.1-5+deb11u3
and 6 more
CVE-2024-1048
Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
=8.0
=9.0
=40
CVE-2023-26157
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
GNU LibreDWG<0.12.5.6384
CVE-2023-6780
Glibc: integer overflow in __vsyslog_internal()
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
redhat/glibc<2.39
GNU glibc>=2.37<2.39
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 3 more
CVE-2023-6779
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
GNU glibc<2.39
Fedoraproject Fedora=38
Fedoraproject Fedora=39
redhat/glibc<2.39
and 4 more
CVE-2023-7216
Cpio: extraction allows symlinks which enables remote command execution
GNU cpio
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
CVE-2023-6246
Glibc: heap-based buffer overflow in __vsyslog_internal()
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
GNU glibc>=2.36<2.39
Fedoraproject Fedora=38
Fedoraproject Fedora=39
redhat/glibc<2.39
and 3 more
CVE-2023-5981
Gnutls: timing side-channel in the rsa-psk authentication
redhat/GnuTLS<3.8.2
Gnu Gnutls=1.5.0
Redhat Linux=8.0
Redhat Linux=9.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
and 7 more
CVE-2023-46604
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
GNU C Library
=latest
=latest
=latest
Apache ActiveMQ<5.15.16
Apache ActiveMQ>=5.16.0<5.16.7
and 24 more
CVE-2023-5156
Glibc: dos due to memory leak in getaddrinfo.c
GNU glibc<2.39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
GNU glibc>=2.34<2.39
redhat/glibc<2.39
ubuntu/glibc<2.35-0ubuntu3.5
and 4 more
CVE-2023-4039
GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
GNU GCC<2023-09-12
CVE-2023-4911
GNU C Library Buffer Overflow Vulnerability
GNU glibc
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Redhat Virtualization=4.0
Redhat Enterprise Linux=8.0
and 21 more
CVE-2023-4693
Grub2: out-of-bounds read at fs/ntfs.c
ubuntu/grub2<2.12~
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu17.2
ubuntu/grub2-signed<1.187.6~20.04.1
ubuntu/grub2-signed<1.187.6
and 8 more
CVE-2023-4806
Glibc: potential use-after-free in getaddrinfo()
redhat/glibc<0:2.28-225.el8_8.6
redhat/glibc<0:2.34-60.el9_2.7
GNU glibc=2.33
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 33 more
CVE-2023-4692
Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
ubuntu/grub2<2.12~
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu17.2
ubuntu/grub2-signed<1.187.6~20.04.1
ubuntu/grub2-signed<1.187.6
and 6 more
CVE-2023-4527
Glibc: stack read overflow in getaddrinfo in no-aaaa mode
debian/glibc<=2.36-9+deb12u2
GNU glibc<2.39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/glibc<2.37-0ubuntu2.1
ubuntu/glibc<2.38-1ubuntu5
and 35 more
CVE-2022-47696
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
GNU Binutils<2.39.3
CVE-2022-47673
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
GNU Binutils<2.39.3
CVE-2022-35206
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
GNU Binutils=2.38.50
CVE-2020-35357
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_...
Gnu Gnu Scientific Library=2.5
Gnu Gnu Scientific Library=2.6
Debian Debian Linux=10.0
CVE-2020-19726
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
GNU Binutils=2.36
ubuntu/binutils<2.36
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.7
and 1 more
CVE-2020-19186
ncurses. This issue was addressed with improved checks.
Apple macOS Ventura<13.6.3
Apple macOS Monterey<12.7.2
Apple macOS Sonoma<14.2
GNU ncurses=6.1
Netapp Active Iq Unified Manager Vsphere
CVE-2022-48064
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted...
GNU Binutils<2.40
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp ONTAP Select Deploy administration utility
CVE-2022-47011
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
GNU Binutils>=2.34<=2.38
ubuntu/binutils<2.39
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.8
and 2 more
CVE-2022-35205
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
GNU Binutils=2.38.50
ubuntu/binutils<2.34-6ubuntu1.7
ubuntu/binutils<2.38-4ubuntu2.4
ubuntu/binutils<2.39
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
debian/binutils
CVE-2022-44840
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
GNU Binutils<2.40
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.40
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.8
and 2 more
CVE-2020-21490
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
GNU Binutils<2.34
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.34
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
debian/binutils
CVE-2022-45703
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
GNU Binutils<2.40
ubuntu/binutils<2.40
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.8
and 2 more
CVE-2022-48065
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
GNU Binutils<2.40
NetApp ONTAP Select Deploy administration utility
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/binutils<2.34-6ubuntu1.9
ubuntu/binutils<2.38-4ubuntu2.6
and 2 more
CVE-2022-47007
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
GNU Binutils>=2.34<=2.38
ubuntu/binutils<2.39
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.8
and 2 more
CVE-2020-19190
ncurses. This issue was addressed with improved checks.
Apple macOS Ventura<13.6.3
Apple macOS Monterey<12.7.2
Apple macOS Sonoma<14.2
GNU ncurses=6.1
Netapp Active Iq Unified Manager Vsphere
CVE-2020-19185
ncurses. This issue was addressed with improved checks.
Apple macOS Ventura<13.6.3
Apple macOS Monterey<12.7.2
Apple macOS Sonoma<14.2
GNU ncurses=6.1
Netapp Active Iq Unified Manager Vsphere
CVE-2020-19187
ncurses. This issue was addressed with improved checks.
Apple macOS Ventura<13.6.3
Apple macOS Monterey<12.7.2
Apple macOS Sonoma<14.2
GNU ncurses=6.1
Netapp Active Iq Unified Manager Vsphere
CVE-2022-47008
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
GNU Binutils>=2.34<=2.38
ubuntu/binutils<2.39
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.8
and 2 more
CVE-2022-47010
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
GNU Binutils>=2.34<=2.38
ubuntu/binutils<2.39
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.8
and 2 more
CVE-2022-47695
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
GNU Binutils<2.39.3
ubuntu/binutils<2.34-6ubuntu1.9
ubuntu/binutils<2.38-4ubuntu2.6
ubuntu/binutils<2.40-2
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
and 2 more
CVE-2021-46174
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
GNU Binutils<2.38
ubuntu/binutils<2.38
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
ubuntu/binutils<2.34-6ubuntu1.7
and 1 more
CVE-2020-19188
ncurses. This issue was addressed with improved checks.
Apple macOS Ventura<13.6.3
Apple macOS Monterey<12.7.2
Apple macOS Sonoma<14.2
GNU ncurses=6.1
Netapp Active Iq Unified Manager Vsphere
CVE-2020-19189
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
ubuntu/ncurses<6.1+20191019-1
ubuntu/ncurses<6.1-1ubuntu1.18.04.1+
ubuntu/ncurses<5.9+20140118-1ubuntu1+
ubuntu/ncurses<6.0+20160213-1ubuntu1+
debian/ncurses<=6.1+20181013-2+deb10u2
Apple macOS Ventura<13.6.3
and 5 more
CVE-2020-35342
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
GNU Binutils<2.34
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.34
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
debian/binutils
CVE-2020-19724
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
GNU Binutils<2.34
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.34
ubuntu/binutils<2.24-5ubuntu14.2+
ubuntu/binutils<2.26.1-1ubuntu1~16.04.8+
debian/binutils
CVE-2022-48063
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file an...
GNU Binutils<2.40
ubuntu/binutils<2.34-6ubuntu1.9
ubuntu/binutils<2.38-4ubuntu2.6
ubuntu/binutils<2.39
ubuntu/binutils<2.30-21ubuntu1~18.04.9+
ubuntu/binutils<2.24-5ubuntu14.2+
and 2 more
CVE-2023-40305
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
GNU indent=2.2.13
ubuntu/indent<2.2.12-1ubuntu0.20.04.1
ubuntu/indent<2.2.13-3
ubuntu/indent<2.2.12-1ubuntu0.22.04.1
ubuntu/indent<2.2.12-4ubuntu0.1
debian/indent<=2.2.12-1
CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if th...
ubuntu/inetutils<2:1.9.4-11ubuntu0.2
ubuntu/inetutils<2:2.2-2ubuntu0.1
ubuntu/inetutils<2:2.4-2ubuntu1.1
<=2.4
GNU inetutils<=2.4
debian/inetutils<=2:1.9.4-7+deb10u1<=2:1.9.4-7+deb10u2<=2:2.0-1+deb11u1<=2:2.4-2
CVE-2023-39128
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
GNU gdb=13.0.50.20220805-git
CVE-2023-39129
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
GNU gdb=13.0.50.20220805-git
CVE-2023-39130
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
GNU gdb=13.0.50.20220805-git

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203