PT-2019-6405 · Gnu+2 · Binutils+2
Published: 2019-12-21 · Updated: 2022-09-02 · CVE-2020-35495
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
binutils versions prior to 2.34
Description
A NULL pointer dereference flaw exists in the /bfd/pef.c component of the GNU Binutils software development tools. An attacker can exploit this flaw by submitting a specially crafted input file to be processed by the objdump program, potentially causing a denial of service. The greatest threat from this flaw is to application availability.
Recommendations
If you run a binutils version prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting the use of the objdump program, and avoid processing untrusted or specially crafted input files with it until the update is applied.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Binutils