PT-2019-6406 · Gnu+3 · Binutils+3
Published 2019-12-22 · Updated 2024-06-15 · CVE-2020-35496
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
binutils versions prior to 2.34
Description
The issue is related to a flaw in the bfd_pef_scan_start_address() function of bfd/pef.c in binutils, which could allow an attacker to cause a NULL pointer dereference by submitting a crafted file to be processed by objdump. This flaw poses the greatest threat to application availability.
Recommendations
For binutils versions prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bfd_pef_scan_start_address() function until a patch is available. Avoid using objdump to process untrusted or crafted files until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Suse
Binutils