PT-2019-6404 · Gnu+3 · Gnu Binutils+3

Nguyễn Đức Mạnh · Published 2019-12-27 · Updated 2024-10-21 · CVE-2020-35342

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GNU Binutils versions prior to 2.34

Description

The issue is an uninitialized-heap vulnerability in the tic4x_print_cond function, located in the opcodes/tic4x-dis.c component of the GNU Binutils software development tool. A remote attacker could exploit this error to gain access to confidential data, potentially leading to an information leak.

Recommendations

For GNU Binutils versions prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the tic4x_print_cond function in the opcodes/tic4x-dis.c component until a patch is applied.

Exploit

Fix

Improper Initialization

Weakness Enumeration

Related identifiers

BDU:2023-07819
CVE-2020-35342
USN-6381-1

Affected products

Astra Linux
Gnu Binutils
Red Os
Ubuntu