IBM Support

Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Summary

GNU binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs by upgrading GNU binutils to the latest version, 2.35.

Vulnerability Details

CVEID:   CVE-2020-35495
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the bfd_pef_parse_symbols function in bfd/pef.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194213 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-35496
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in bfd_pef_scan_start_address() of bfd/pef.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194210 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-35493
DESCRIPTION:   GNU Binutils is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in bfd_pef_parse_function_stubs in bfd/pef.c. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer to cause an out-of-bounds read, leading to a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194222 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-35507
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the bfd_pef_parse_function_stubs of bfd/pef.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194206 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-35494
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by the usage of uninitialized memory in /opcodes/tic4x-dis.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194221 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID:   CVE-2019-14250
DESCRIPTION:   GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in simple_object_elf_match in simple-object-elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164245 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2018-18309
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an invalid memory address dereference in the read_reloc function in reloc.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151272 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2018-20712
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read flaw in the d_expression_1 function in cp-demangle.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155560 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-17358
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access in _bfd_stab_section_find_nearest_line in syms.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150341 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-17359
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access in bfd_zalloc in opncls.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150340 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-17360
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in bfd_getl32 in libbfd.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150339 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-18700
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a stack consumption in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-19932
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the IS_CONTAINED_BY_LMA function in elf.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154007 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2018-19931
DESCRIPTION:   GNU Binutils is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the bfd_elf32_swap_phdr_in function in elfcode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154006 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2018-17794
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in cplus-dem.c in GNU libiberty. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150692 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-17985
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a stack-based buffer overflow in the cplus_demangle_type function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a stack consumption.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150934 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2019-12972
DESCRIPTION:   GNU binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in the bfd_doprnt in bfd.c of libbfd. By using a specially-crafted file, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166630 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-18605
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151866 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-18606
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151865 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-18607
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-20002
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a memory leak in the _bfd_generic_read_minisymbols function in syms.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154100 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-20671
DESCRIPTION:   GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the load_specific_debug_section function in objdump.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155167 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2018-18701
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a stack consumption in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2018-1000876
DESCRIPTION:   GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc. By using a specially-crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154802 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2018-18484
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an error in the C++ demangling functions in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available stack resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-16599
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability in _bfd_elf_get_symbol_version_string (nm-new) in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192886 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-16592
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a use-after-free vulnerability in bfd_hash_lookup (nm-new) in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192896 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-16590
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a double free vulnerability in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192876 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-16593
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability in scan_unit_for_symbols (addr2line) in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192895 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-16591
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an invalid read in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192875 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2019-17450
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an infinite recursion in find_abstract_instance in dwarf2.c in Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2019-17451
DESCRIPTION:   GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in _bfd_dwarf2_find_nearest_line in dwarf2.c in Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169072 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Netezza Analytics | 3.3.7 and lower

Remediation/Fixes

Product | VRMF | Remediation/First Fix
IBM Netezza Analytics | 3.3.8 | Link to Fix Central

Workarounds and Mitigations

None

References

Acknowledgement

Change History

13 Jan 2021: Original Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Document Information

Modified date:
13 January 2021

UID

ibm16403806