Wenjusun

**Name of the Vulnerable Software and Affected Versions** rizinorg rizin versions 0.7.4 and earlier **Description** A critical issue affects the function `msf stream directory free` in the library `/librz/bin/pdb/pdb.c`. The manipulation of the argument `-P` leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. **Recommendations** To address this issue, upgrade to version 0.8.0. As a temporary workaround, consider restricting access to the `msf stream directory free` function until a patch is available. Avoid using the argument `-P` in the affected library until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** rizinorg rizin versions up to 0.8.0 **Description** A critical vulnerability was found in rizinorg rizin, affecting the `rz utf8 encode` function in the library `/librz/util/utf8.c`. The manipulation leads to a heap-based buffer overflow. An attack must be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, apply a patch to the affected version of rizinorg rizin. As a temporary workaround, consider disabling the `rz utf8 encode` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: GNU elfutils version 0.192 Description: A problem has been found in GNU elfutils that affects the `gelf getsymshndx` function of the file strip.c in the eu-strip component. This issue leads to denial of service and must be approached locally. The exploit has been disclosed and may be used. Recommendations: To fix this issue, apply a patch with the identifier fbf1df9ca286de3323ae541973b08449f8d03aba to GNU elfutils version 0.192. As a temporary workaround, consider disabling the `gelf getsymshndx` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: radare2 versions 5.9.9 through 5.9.9 33286 Description: A vulnerability was found in radare2, affecting an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Recommendations: To address this issue, upgrade to version 6.0.0. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.

Name of the Vulnerable Software and Affected Versions: GNU elfutils version 0.192 Description: A vulnerability was found in GNU elfutils, affecting the function `elf strptr` in the library `/libelf/elf strptr.c` of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Recommendations: To fix this issue, it is recommended to apply a patch, specifically the patch with the name b16f441cca0a4841050e3215a9f120a6d8aea918. As a temporary workaround, consider disabling the `elf strptr` function in the `/libelf/elf strptr.c` library until a patch is applied. Restrict access to the eu-strip component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 9.1.1097 **Description** A problematic issue has been found in vim, affecting unknown code in the src/main.c file. The manipulation of the `--log` argument leads to memory corruption, allowing an attack to be launched on the local host. **Recommendations** For versions prior to 9.1.1097, upgrade to version 9.1.1097 to address this issue. As a temporary workaround, consider avoiding the use of the `--log` argument until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A problematic issue has been found in GNU Binutils, affecting the ` bfd elf write section eh frame` function of the `ld` component. This issue leads to memory corruption and can be initiated remotely, although the complexity of an attack is rather high and the exploitability is difficult. **Recommendations** To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider restricting access to the ` bfd elf write section eh frame` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A critical vulnerability was found in GNU Binutils, affecting the function `bfd elf reloc symbol deleted p` of the file `bfd/elflink.c` of the component `ld`. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch, specifically the one identified as `b425859021d17adf62f06fb904797cf8642986ad`. As a temporary workaround, consider disabling the `bfd elf reloc symbol deleted p` function until a patch is available. Restrict access to the `bfd/elflink.c` file to minimize the risk of exploitation. Avoid using the `ld` component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A critical issue has been found in GNU Binutils, affecting the function `bfd putl64` of the file `bfd/libbfd.c` of the component `ld`. This issue leads to memory corruption and can be exploited remotely, although the complexity of an attack is rather high and the exploitation is known to be difficult. **Recommendations** For GNU Binutils version 2.43, upgrade to version 2.44 to address this issue. As a temporary workaround, consider restricting the use of the `bfd putl64` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A critical issue affects the function ` bfd elf gc mark rsec` of the file `elflink.c` of the component `ld`. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. **Recommendations** Apply a patch to fix this issue, specifically the patch named `f9978defb6fab0bd8583942d97c112b0932ac814`. As a temporary workaround, consider restricting access to the vulnerable function ` bfd elf gc mark rsec` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A vulnerability was found in GNU Binutils, affecting the function `bfd putl64` of the file `libbfd.c` of the component `ld`. The manipulation leads to memory corruption. The attack can be launched remotely, but the complexity of an attack is rather high and the exploitation appears to be difficult. **Recommendations** To fix this issue, it is recommended to apply a patch, specifically the one with the identifier `75086e9de1707281172cc77f178e7949a4414ed0`. As a temporary workaround, consider disabling the `bfd putl64` function until a patch is available. Restrict access to the `libbfd.c` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A critical vulnerability was found in GNU Binutils, affecting the function ` bfd elf gc mark rsec` of the file `bfd/elflink.c` of the component `ld`. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch with the name `931494c9a89558acb36a03a340c01726545eef24`. As a temporary workaround, consider disabling the ` bfd elf gc mark rsec` function until a patch is available. Restrict access to the vulnerable component `ld` to minimize the risk of exploitation. Avoid using the affected `bfd/elflink.c` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions up to 2.43 **Description** A problematic issue was found in GNU Binutils, affecting the `disassemble bytes` function of the file `binutils/objdump.c`. The manipulation of the `buf` argument leads to a stack-based buffer overflow. It is possible to initiate the attack remotely, with a rather high complexity and difficult exploitability. **Recommendations** GNU Binutils versions up to 2.43: Upgrade to version 2.44 to address this issue.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions 2.43 through 2.44 **Description** A problematic vulnerability was found in GNU Binutils, affecting the `bfd set format` function of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely, with a rather high complexity, making exploitation difficult. **Recommendations** For GNU Binutils versions 2.43 through 2.44, upgrade to version 2.45 to address this issue. As a temporary workaround, consider disabling the `bfd set format` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A memory leak issue was found in the `link order scan` function of the ld component, specifically in the file ld/ldelfgen.c. This issue can be exploited remotely, but the complexity of an attack is rather high, and the exploitation is known to be difficult. The attack leads to a memory leak. **Recommendations** For GNU Binutils version 2.43, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `link order scan` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.43 **Description** A problem has been found in the function ` sanitizer::internal strlen` of the file binutils/nm.c of the component nm. The manipulation of the argument `const` leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. **Recommendations** For GNU Binutils version 2.43, as a temporary workaround, consider restricting access to the function ` sanitizer::internal strlen` until a patch is available. Additionally, be cautious when using the `const` argument to minimize the risk of buffer overflow exploitation.