Shodan
Vulnerabilities
Vulnerable Software
Gnu:  Security Vulnerabilities
CVE-2019-17450
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVSS Score
6.5
EPSS Score
0.011
Published
2019-10-10
CVE-2019-17451
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CVSS Score
6.5
EPSS Score
0.011
Published
2019-10-10
CVE-2019-16165
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-09-09
CVE-2019-16166
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-09-09
CVE-2019-15847
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-09-02
CVE-2019-15767
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-29
CVE-2019-15531
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
CVSS Score
6.5
EPSS Score
0.011
Published
2019-08-23
CVE-2018-20969
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-08-16
CVE-2014-10375
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-08-14
CVE-2019-14444
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVSS Score
5.5
EPSS Score
0.004
Published
2019-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved