{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-3441: bounds-check XTY_LD x_scnlen csect index in\n xcoff_link_add_symbols to prevent heap-based out-of-bounds read\n- CVE-2026-3442: validate r_symndx before sym_hashes[] indexing in\n xcoff_link_add_symbols to prevent out-of-bounds read", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/amazonlinux2els/advisories/2026/clsa-2026_1777476417.json" } ], "tracking": { "current_release_date": "2026-04-29T15:29:15Z", "generator": { "date": "2026-04-29T15:29:15Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1777476417", "initial_release_date": "2026-04-29T15:29:15Z", "revision_history": [ { "date": "2026-04-29T15:29:15Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "binutils: Fix of 2 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "Amazon-Linux-2", "product_identification_helper": { "cpe": "cpe:2.3:o:amazon:amazon_linux:2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Amazon Linux" } ], "category": "vendor", "name": "Amazon Web Services, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "product": { "name": "binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "product_id": "binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils@2.29.1-31.amzn2.0.2.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "product": { "name": "binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "product_id": "binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.29.1-31.amzn2.0.2.tuxcare.els10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64 as a component of Amazon Linux 2", "product_id": "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" }, "product_reference": "binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "relates_to_product_reference": "Amazon-Linux-2" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64 as a component of Amazon Linux 2", "product_id": "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" }, "product_reference": "binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "relates_to_product_reference": "Amazon-Linux-2" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-3442", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-3442" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-3442", "url": "https://access.redhat.com/security/cve/CVE-2026-3442" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2443828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443828" } ], "release_date": "2026-03-16T14:19:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-47695", "notes": [ { "category": "description", "text": "An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-47695" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=29846", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29846" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-17121", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-17121" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22506" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b23dc97fe237a1d9e850d7cbeee066183a00630b", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b23dc97fe237a1d9e850d7cbeee066183a00630b" } ], "release_date": "2017-12-04T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-25584", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-25584" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-25584", "url": "https://access.redhat.com/security/cve/CVE-2023-25584" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231103-0002/", "url": "https://security.netapp.com/advisory/ntap-20231103-0002/" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44" } ], "release_date": "2023-09-14T21:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2018-19931", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2018-19931" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/106144", "url": "http://www.securityfocus.com/bid/106144" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201908-01", "url": "https://security.gentoo.org/glsa/201908-01" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20190221-0004/", "url": "https://security.netapp.com/advisory/ntap-20190221-0004/" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=23942", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23942" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5f60af5d24d181371d67534fa273dd221df20c07", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5f60af5d24d181371d67534fa273dd221df20c07" }, { "category": "external", "summary": "https://usn.ubuntu.com/4336-1/", "url": "https://usn.ubuntu.com/4336-1/" } ], "release_date": "2018-12-07T07:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-17122", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-17122" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22508" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f" } ], "release_date": "2017-12-04T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-45078", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-45078" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202208-30", "url": "https://security.gentoo.org/glsa/202208-30" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220107-0002/", "url": "https://security.netapp.com/advisory/ntap-20220107-0002/" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=28694", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28694" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=161e87d12167b1e36193385485c1f6ce92f74f02", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=161e87d12167b1e36193385485c1f6ce92f74f02" } ], "release_date": "2021-12-15T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-17125", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-17125" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4" } ], "release_date": "2017-12-04T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-16831", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-16831" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22385" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" } ], "release_date": "2017-11-15T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-35342", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "notes": [ { "category": "description", "text": "GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-35342" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231006-0009/", "url": "https://security.netapp.com/advisory/ntap-20231006-0009/" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=25319", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25319" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-47696", "notes": [ { "category": "description", "text": "An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-47696" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-44840", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-44840" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=29732", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29732" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-16828", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-16828" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22386" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" } ], "release_date": "2017-11-15T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-16826", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-16826" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22376" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=a67d66eb97e7613a38ffe6622d837303b3ecd31d", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=a67d66eb97e7613a38ffe6622d837303b3ecd31d" } ], "release_date": "2017-11-15T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-16827", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-16827" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22306" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0301ce1486b1450f219202677f30d0fa97335419", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0301ce1486b1450f219202677f30d0fa97335419" } ], "release_date": "2017-11-15T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-5244", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5244" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16010" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32858" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.310346", "url": "https://vuldb.com/?ctiid.310346" }, { "category": "external", "summary": "https://vuldb.com/?id.310346", "url": "https://vuldb.com/?id.310346" }, { "category": "external", "summary": "https://vuldb.com/?submit.584634", "url": "https://vuldb.com/?submit.584634" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-05-27T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-3441", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-3441" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-3441", "url": "https://access.redhat.com/security/cve/CVE-2026-3441" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2443826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443826" } ], "release_date": "2026-03-16T14:19:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-17124", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-17124" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22507" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c" } ], "release_date": "2017-12-04T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-16832", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-16832" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201811-17", "url": "https://security.gentoo.org/glsa/201811-17" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22373" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0bb6961f18b8e832d88b490d421ca56cea16c45b", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0bb6961f18b8e832d88b490d421ca56cea16c45b" } ], "release_date": "2017-11-15T08:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-47673", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-47673" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=29876", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29876" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-5245", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5245" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16004" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32829" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.310347", "url": "https://vuldb.com/?ctiid.310347" }, { "category": "external", "summary": "https://vuldb.com/?id.310347", "url": "https://vuldb.com/?id.310347" }, { "category": "external", "summary": "https://vuldb.com/?submit.584635", "url": "https://vuldb.com/?submit.584635" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-05-27T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T15:27:00.561247Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417", "product_ids": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777476417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Amazon-Linux-2:binutils-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64", "Amazon-Linux-2:binutils-devel-0:2.29.1-31.amzn2.0.2.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }