CVE-2014-7169 — Bash Shellshock secondary injection via function-name parser interpolation

CVE-2019-18276: Bash restricted-bypass via enable builtin loading shared objects during startup

CVE-2019-18276: bash disable_priv_mode leaks saved UID, exploitable via 'enable -f'

CVE-2014-6271 Shellshock: Bash executes trailing commands after function definition imported from env vars

CVE-2014-6271 Shellshock — bash function-import parser boundary bug

CVE-2020-16592: UAF in binutils BFD section merging

CVE-2022-38126: Memory leak in binutils BFD read_abbrevs() — unlinked cur_abbrev->attrs not freed on bfd_realloc failure

CVE-2022-38126: memory leak in binutils display_debug_abbrev

CVE-2022-38126: Memory Leak in BFD DWARF Abbreviation Table Handling

CVE-2017-8421: binutils objdump unbounded memory allocation via crafted ELF e_phnum / sh_size

CVE-2017-8421: binutils objdump unbounded allocation from forged ELF section metadata

CVE-2017-8421: Unbounded Memory Allocation in ELF Relocation Section Parsing

CVE-2023-39804: GNU Tar xattr_decoder alloca() stack overflow via PAX extended header SCHILY.xattr value

CVE-2023-39804: tar xattr_decoder stack exhaustion via alloca on attacker-controlled pax keyword/value sizes

CVE-2016-6321: GNU tar path traversal via --strip-components

CVE-2022-48303: tar from_header() base-256 decoder off-by-one heap over-read

CVE-2022-48303: GNU tar heap OOB read in from_header base-256 decoder

CVE-2019-5953: wget 1.20.1 heap buffer overflow in reencode_escapes() URL handling

CVE-2019-5953: heap buffer overflow in wget iri.c do_conversion

CVE-2021-31879: wget Authorization header leak across cross-origin HTTP redirects