Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
Max CVSS
7.8
EPSS Score
0.09%
Published
2019-10-23
Updated
2019-10-31
X.509 certificate signature verification in the GNU Transport Layer Security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
Max CVSS
7.8
EPSS Score
1.88%
Published
2004-12-31
Updated
2017-07-11
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
Max CVSS
7.8
EPSS Score
87.77%
Published
2005-12-11
Updated
2017-10-11
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Max CVSS
7.8
EPSS Score
0.67%
Published
2007-04-22
Updated
2018-10-16
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
Max CVSS
7.8
EPSS Score
4.41%
Published
2007-06-21
Updated
2008-09-05
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-06-18
Updated
2019-06-20
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.
Max CVSS
7.8
EPSS Score
10.71%
Published
2015-02-24
Updated
2023-02-13
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Max CVSS
7.8
EPSS Score
0.29%
Published
2017-08-25
Updated
2017-08-30
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
Max CVSS
7.8
EPSS Score
0.06%
Published
2020-01-24
Updated
2020-02-01
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
Max CVSS
7.8
EPSS Score
0.63%
Published
2017-04-13
Updated
2017-04-19
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
Max CVSS
7.8
EPSS Score
2.55%
Published
2017-02-24
Updated
2017-08-12
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-06-07
Updated
2017-06-15
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-20
Updated
2020-08-24
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-27
Updated
2017-03-31
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
Max CVSS
7.8
EPSS Score
1.00%
Published
2017-05-07
Updated
2024-03-21
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
Max CVSS
7.8
EPSS Score
0.54%
Published
2017-05-18
Updated
2017-09-19
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
Max CVSS
7.8
EPSS Score
0.46%
Published
2017-05-18
Updated
2017-05-25
The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Max CVSS
7.8
EPSS Score
2.73%
Published
2017-06-19
Updated
2017-09-19
The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Max CVSS
7.8
EPSS Score
1.08%
Published
2017-06-19
Updated
2018-01-09
The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Max CVSS
7.8
EPSS Score
0.93%
Published
2017-06-19
Updated
2017-06-26
The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Max CVSS
7.8
EPSS Score
0.93%
Published
2017-06-19
Updated
2017-06-26
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of raw insns printing for this file during "objdump -D" execution.
Max CVSS
7.8
EPSS Score
2.73%
Published
2017-06-19
Updated
2018-01-09
The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.
Max CVSS
7.8
EPSS Score
3.23%
Published
2017-06-19
Updated
2017-08-13
The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.
Max CVSS
7.8
EPSS Score
3.23%
Published
2017-06-19
Updated
2017-08-12
The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Max CVSS
7.8
EPSS Score
2.73%
Published
2017-06-19
Updated
2018-01-09
344 vulnerabilities found