PT-2019-6406 · Gnu+3 · Binutils+3

Publicado

2019-12-22

Atualizado

2024-06-15

CVE-2020-35496

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions binutils versions prior to 2.34

Description The issue is related to a flaw in the bfd pef scan start address() function of bfd/pef.c in binutils, which could allow an attacker to cause a NULL pointer dereference by submitting a crafted file to be processed by objdump. This flaw poses the greatest threat to application availability.

Recommendations For binutils versions prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bfd pef scan start address() function until a patch is available. Avoid using objdump to process untrusted or crafted files until the issue is resolved.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2020-3352

ALT-PU-2020-3433

ALT-PU-2021-1230

BDU:2023-07821

CVE-2020-35496

OPENSUSE-SU-2021:1475-1

OPENSUSE-SU-2021:3616-1

OPENSUSE-SU-2021_1475-1

OPENSUSE-SU-2021_3616-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2021:3593-1

SUSE-SU-2021:3616-1

SUSE-SU-2022:0934-1

Produtos afetados

Alt Linux

Astra Linux

Suse

Binutils

PT-2019-6406 · Gnu+3 · Binutils+3

CVE-2020-35496

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 268