GNU security advisories
9 threat alerts tracking vulnerabilities and security advisories that affect GNU products.
Vulnios monitors GNU CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent GNU security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-10684 — gnu — ncurses
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
critical CVE-2017-10684
Critical Vulnerability: CVE-2017-10685 — gnu — ncurses
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
critical CVE-2017-10685
Critical Vulnerability: CVE-2014-9984 — gnu — glibc
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash
critical CVE-2014-9984
Critical Vulnerability: CVE-2016-10324 — gnu — osip
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
critical CVE-2016-10324
Critical Vulnerability: CVE-2017-7614 — gnu — binutils
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote at
critical CVE-2017-7614
Critical Vulnerability: CVE-2017-7226 — gnu — binutils
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses
critical CVE-2017-7226
Critical Vulnerability: CVE-2014-9939 — gnu — binutils
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
critical CVE-2014-9939
Critical Vulnerability: CVE-2017-6969 — gnu — binutils
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as
critical CVE-2017-6969
Critical Vulnerability: CVE-2015-8972 — gnu — chess
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large inpu
critical CVE-2015-8972