GNU — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting GNU. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GNU provides a comprehensive collection of free software essential for operating system functionality, primarily serving as the foundational userland for Linux distributions. Its core use case involves delivering command-line utilities, development tools, and system libraries that enable software compilation and execution. Historically, vulnerabilities within the GNU ecosystem have frequently involved buffer overflows and integer overflows, often leading to remote code execution or denial of service conditions. While cross-site scripting is less relevant to its command-line nature, privilege escalation risks have emerged in specific components like coreutils and grep when handling malformed input. Notable security incidents have included critical flaws in GnuPG and Bash, highlighting the importance of rigorous input validation. With seventy-seven recorded CVEs, the project maintains a steady patch cycle, emphasizing stability and security through open-source collaboration and continuous code review processes.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-9605 | GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow — libredwg | CWE-122 | 7.3 | High | 2026-05-26 |
| CVE-2026-9530 | GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds — LibreDWG | CWE-125 | 3.3 | Low | 2026-05-26 |
| CVE-2026-9529 | GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER null pointer dereference — LibreDWG | CWE-476 | 3.3 | Low | 2026-05-26 |
| CVE-2026-9504 | GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds — LibreDWG | CWE-125 | 3.3 | Low | 2026-05-25 |
| CVE-2026-9503 | GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference — LibreDWG | CWE-476 | 3.3 | Low | 2026-05-25 |
| CVE-2026-9502 | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow — LibreDWG | CWE-122 | 5.3 | Medium | 2026-05-25 |
| CVE-2026-9501 | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion — LibreDWG | CWE-617 | 3.3 | Low | 2026-05-25 |
| CVE-2026-9500 | GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow — LibreDWG | CWE-122 | 5.3 | Medium | 2026-05-25 |
| CVE-2026-48829 | GNU SASL code issue vulnerability — GNU SASL | CWE-476 | 7.5 | High | 2026-05-24 |
| CVE-2026-1858 | wget2 Improper Certificate Validation — wget2 | CWE-20 | 4.8 | Medium | 2026-04-29 |
| CVE-2026-5958 | Race Condition in GNU Sed — Sed | CWE-367 | 5.9 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2025-69720 | ncurses security vulnerability — ncurses | CWE-121 | 7.3 | High | 2026-03-19 |
| CVE-2026-32772 | GNU Inetutils security vulnerability — inetutils | CWE-669 | 3.4 | Low | 2026-03-13 |
| CVE-2026-32746 | GNU Inetutils security vulnerability — inetutils | CWE-120 | 9.8 | Critical | 2026-03-13 |
| CVE-2026-28372 | GNU Inetutils security vulnerability — inetutils | CWE-829 | 7.4 | High | 2026-02-27 |
| CVE-2026-24061 | GNU Inetutils argument injection vulnerability — Inetutils | CWE-88 | 9.8 | Critical | 2026-01-21 |
| CVE-2025-54770 | Grub2: use-after-free in net_set_vlan — grub2 | CWE-825 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-61664 | Grub2: missing unregister call for normal_exit command may lead to use-after-free — grub2 | CWE-825 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-61663 | Grub2: missing unregister call for normal commands may lead to use-after-free — grub2 | CWE-825 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-61662 | Grub2: missing unregister call for gettext command may lead to use-after-free — grub2 | | 7.8 | High | 2025-11-18 |
| CVE-2025-61661 | Grub2: grub2: out-of-bounds write via malicious usb device — grub2 | CWE-131 | 4.8 | Medium | 2025-11-18 |
| CVE-2025-54771 | Grub2: use-after-free in grub_file_close() — grub2 | CWE-825 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-11840 | GNU Binutils ldmisc.c vfinfo out-of-bounds — Binutils | CWE-125 | 3.3 | Low | 2025-10-16 |
| CVE-2025-11839 | GNU Binutils prdbg.c tg_tag_type return value — Binutils | CWE-252 | 3.3 | Low | 2025-10-16 |
| CVE-2025-11495 | GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow — Binutils | CWE-122 | 3.3 | Low | 2025-10-08 |
| CVE-2025-11494 | GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds — Binutils | CWE-125 | 3.3 | Low | 2025-10-08 |
| CVE-2025-11414 | GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds — Binutils | CWE-125 | 3.3 | Low | 2025-10-07 |
| CVE-2025-11413 | GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds — Binutils | CWE-125 | 3.3 | Low | 2025-10-07 |
| CVE-2025-11412 | GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds — Binutils | CWE-125 | 3.3 | Low | 2025-10-07 |
| CVE-2025-11083 | GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow — Binutils | CWE-122 | 5.3 | Medium | 2025-09-27 |

This page lists every published CVE security advisory associated with GNU. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.