GNU — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting GNU. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GNU provides a comprehensive collection of free software essential for operating system functionality, primarily serving as the foundational userland for Linux distributions. Its core use case involves delivering command-line utilities, development tools, and system libraries that enable software compilation and execution. Historically, vulnerabilities within the GNU ecosystem have frequently involved buffer overflows and integer overflows, often leading to remote code execution or denial of service conditions. While cross-site scripting is less relevant to its command-line nature, privilege escalation risks have emerged in specific components like coreutils and grep when handling malformed input. Notable security incidents have included critical flaws in GnuPG and Bash, highlighting the importance of rigorous input validation. With seventy-seven recorded CVEs, the project maintains a steady patch cycle, emphasizing stability and security through open-source collaboration and continuous code review processes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11082 | GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow | Binutils | CWE-122 | 5.3 | Medium | 2025-09-27 |
| CVE-2025-11081 | GNU Binutils objdump.c dump_dwarf_section out-of-bounds | Binutils | CWE-125 | 3.3 | Low | 2025-09-27 |
| CVE-2025-59378 | GNU Guix security vulnerability | Guix | CWE-669 | 5.7 | Medium | 2025-09-15 |
| CVE-2025-8746 | GNU libopts __strstr_sse2 memory corruption | libopts | CWE-119 | 3.3 | Low | 2025-08-09 |
| CVE-2025-8736 | GNU cflow Lexer c.c yylex buffer overflow | cflow | CWE-120 | 5.3 | Medium | 2025-08-08 |
| CVE-2025-8735 | GNU cflow Lexer c.c yylex null pointer dereference | cflow | CWE-476 | 3.3 | Low | 2025-08-08 |
| CVE-2025-8225 | GNU Binutils DWARF Section dwarf.c process_debug_info memory leak | Binutils | CWE-401 | 3.3 | Low | 2025-07-27 |
| CVE-2025-8224 | GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference | Binutils | CWE-476 | 3.3 | Low | 2025-07-27 |
| CVE-2025-7546 | GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write | Binutils | CWE-787 | 5.3 | Medium | 2025-07-13 |
| CVE-2025-7545 | GNU Binutils objcopy.c copy_section heap-based overflow | Binutils | CWE-122 | 5.3 | Medium | 2025-07-13 |
| CVE-2025-45582 | GNU Tar security vulnerability | Tar | CWE-24 | 4.1 | Medium | 2025-07-11 |
| CVE-2025-6141 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow | ncurses | CWE-121 | 3.3 | Low | 2025-06-16 |
| CVE-2025-5899 | GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap | PSPP | CWE-590 | 5.3 | Medium | 2025-06-09 |
| CVE-2025-5898 | GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write | PSPP | CWE-787 | 5.3 | Medium | 2025-06-09 |
| CVE-2025-5245 | GNU Binutils objdump debug.c debug_type_samep memory corruption | Binutils | CWE-119 | 5.3 | Medium | 2025-05-27 |
| CVE-2025-5244 | GNU Binutils ld elflink.c elf_gc_sweep memory corruption | Binutils | CWE-119 | 5.3 | Medium | 2025-05-27 |
| CVE-2025-5001 | GNU PSPP pspp-convert.c calloc integer overflow | PSPP | CWE-190 | 3.3 | Low | 2025-05-20 |
| CVE-2025-48188 | GNU PSPP security vulnerability | PSPP | CWE-125 | 2.9 | Low | 2025-05-16 |
| CVE-2025-47815 | GNU PSPP security vulnerability | PSPP | CWE-122 | 4.5 | Medium | 2025-05-10 |
| CVE-2025-47816 | GNU PSPP security vulnerability | PSPP | CWE-125 | 2.9 | Low | 2025-05-10 |
| CVE-2025-47814 | GNU PSPP security vulnerability | PSPP | CWE-122 | 4.5 | Medium | 2025-05-10 |
| CVE-2025-47229 | GNU PSPP security vulnerability | PSPP | CWE-617 | 2.9 | Low | 2025-05-03 |
| CVE-2025-43920 | GNU Mailman security vulnerability | Mailman | CWE-78 | 5.4 | Medium | 2025-04-20 |
| CVE-2025-43921 | GNU Mailman security vulnerability | Mailman | CWE-863 | 5.3 | Medium | 2025-04-20 |
| CVE-2025-43919 | GNU Mailman security vulnerability | Mailman | CWE-24 | 5.8 | Medium | 2025-04-20 |
| CVE-2025-3198 | GNU Binutils objdump bucomm.c display_info memory leak | Binutils | CWE-401 | 3.3 | Low | 2025-04-04 |
| CVE-2025-1377 | GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service | elfutils | CWE-404 | 3.3 | Low | 2025-02-17 |
| CVE-2025-1376 | GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service | elfutils | CWE-404 | 2.5 | Low | 2025-02-17 |
| CVE-2025-1372 | GNU elfutils eu-readelf readelf.c print_string_section buffer overflow | elfutils | CWE-120 | 5.3 | Medium | 2025-02-17 |
| CVE-2025-1371 | GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference | elfutils | CWE-476 | 3.3 | Low | 2025-02-17 |

This page lists every published CVE security advisory associated with GNU. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.