PT-2019-6404 · Gnu+3 · Gnu Binutils+3
Nguyễn Đức Mạnh · Published 2019-12-27 · Updated 2024-10-21
CVE-2020-35342
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GNU Binutils versions prior to 2.34
Description
The issue is an uninitialized-heap vulnerability in the tic4x_print_cond function, located in the opcodes/tic4x-dis.c component of the GNU Binutils software development tool. A remote attacker could exploit the error to gain access to confidential data, potentially leading to an information leak.
Recommendations
For GNU Binutils versions prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the tic4x_print_cond function in the opcodes/tic4x-dis.c component until a patch is applied.
Exploit
Fix
Improper Initialization
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Gnu Binutils
Red Os
Ubuntu