Heqing Huang

**Name of the Vulnerable Software and Affected Versions** binutils (affected versions not specified) **Description** The issue is related to an illegal memory access flaw in the binutils package. It occurs when parsing an ELF file that contains corrupt symbol version information, potentially resulting in a denial of service. This problem is a result of an incomplete fix for a previous issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge for Android (affected versions not specified) **Description** The issue is related to a lack of protection for internal data in Microsoft Edge for Android. Exploitation of this issue could allow a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU nm versions prior to 2.34 **Description** The issue is related to a memory consumption problem in the `get data` function in `binutils/nm.c`. This allows attackers to cause a denial of service via crafted commands. The vulnerability is associated with incorrect memory deallocation before removing the last reference, which can be exploited to disrupt service. **Recommendations** For versions prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `get data` function in `binutils/nm.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** binutils version 2.36 **Description** An issue was discovered in binutils libbfd.c relating to the auxiliary symbol data, allowing attackers to read or write to system memory or cause a denial of service. The vulnerability is also described as a buffer overflow issue in the bfd getl32 function, which can be exploited by a remote attacker to gain read, modify, or delete access to data or cause a denial of service. **Recommendations** For binutils version 2.36, consider disabling the vulnerable `bfd getl32` function in libbfd.c as a temporary workaround until a patch is available. Restrict access to the auxiliary symbol data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.