Spinpx

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** A problem has been discovered in the Binary File Descriptor (BFD) library, also known as libbfd, as distributed in GNU Binutils. The issue is an attempted excessive memory allocation in the `setup group` function in `elf.c`. **Recommendations** For GNU Binutils version 2.32, consider updating to a newer version to mitigate the risk, as the issue is related to an attempted excessive memory allocation in the `setup group` function. As a temporary workaround, consider restricting access to the `elf.c` file or the `setup group` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is related to a heap-based buffer overflow in the `process mips specific` function of the `readelf.c` component in GNU Binutils. This can be exploited by a remote attacker using a specially crafted MIPS option section, allowing them to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For GNU Binutils version 2.32, consider disabling the `process mips specific` function in `readelf.c` as a temporary workaround until a patch is available. Restrict access to the `readelf.c` component to minimize the risk of exploitation. Avoid using malformed MIPS option sections in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is related to an out-of-bounds read in the Binary File Descriptor (BFD) library, specifically in the `bfd getl32` function within `libbfd.c`, which is called from `pex64 get runtime function` in `pei-x86 64.c`. This can lead to a segmentation fault. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For GNU Binutils version 2.32, consider updating to a newer version that includes a fix for this issue. As a temporary workaround, restrict access to the `pex64 get runtime function` in `pei-x86 64.c` to minimize the risk of exploitation. Avoid using the `bfd getl32` function in `libbfd.c` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is related to the libbfd library, specifically the elf read notes function in elf.c, and is associated with unbounded resource allocation. Exploitation of this issue may allow an attacker to cause a denial of service. The problem involves an attempted excessive memory allocation. **Recommendations** For GNU Binutils version 2.32, consider disabling the elf read notes function in elf.c as a temporary workaround until a patch is available. Restrict access to the libbfd library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is a heap-based buffer overflow in the ` bfd archive 64 bit slurp armap` function, located in `archive64.c`, which is part of the Binary File Descriptor (BFD) library. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For GNU Binutils version 2.32, consider disabling the ` bfd archive 64 bit slurp armap` function as a temporary workaround until a patch is available. Restrict access to the `archive64.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** File version 5.35 **Description** The issue is related to a buffer overflow in the do core note function of the File utility, which is used to determine the types of given files. This can be exploited by a remote attacker to cause a denial of service, resulting in stack corruption and application crash, or possibly have other unspecified impacts. **Recommendations** For File version 5.35, consider disabling the do core note function in readelf.c as a temporary workaround until a patch is available. Restrict access to the libmagic.a library to minimize the risk of exploitation. Avoid using the File utility to determine file types from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is a heap-based buffer over-read in the `d expression 1` function in `cp-demangle.c` after many recursive calls. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For GNU Binutils version 2.32, consider disabling the `d expression 1` function in `cp-demangle.c` as a temporary workaround until a patch is available. Restrict access to the `cp-demangle.c` component to minimize the risk of exploitation. Avoid using the `d expression 1` function in recursive calls until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.32 **Description** The issue is related to a stack consumption problem in the `d count templates scopes` function within `cp-demangle.c` of the GNU libiberty component, which is part of GNU Binutils. This problem occurs after many recursive calls, potentially leading to a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For GNU Binutils version 2.32, consider applying a patch or updating to a newer version that addresses the stack consumption issue in the `d count templates scopes` function. As a temporary workaround, consider restricting the use of the `cp-demangle.c` component or limiting the depth of recursive calls to `d count templates scopes` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** file version 5.35 **Description** The issue is related to a stack-based buffer over-read in the `do bid note` function in `readelf.c` in `libmagic.a`. This is connected to `file printf` and `file vprintf`. Exploitation of the issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For file version 5.35, consider disabling the `do bid note` function as a temporary workaround until a patch is available. Restrict access to the `readelf.c` module to minimize the risk of exploitation. Avoid using the `file printf` and `file vprintf` functions in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** file version 5.35 **Description** The issue is related to a stack-based buffer over-read in the do core note function in readelf.c in libmagic.a. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is distinct from previous issues and is associated with the file printable function. **Recommendations** For file version 5.35, consider updating to a newer version that addresses this issue, as the current version has a known stack-based buffer over-read vulnerability in the do core note function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.