PT-2020-6702 · Gnu+4 · Gnu Binutils+4

Published

2020-12-09

Updated

2024-06-15

CVE-2020-16592

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.34

Description A use after free issue exists in the Binary File Descriptor (BFD) library, specifically in the bfd hash lookup function, which can cause a denial of service via a crafted file. This issue is demonstrated in nm-new.

Recommendations For GNU Binutils version 2.34, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the bfd hash lookup function until a patch is available.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2022-05642

CVE-2020-16592

MGASA-2021-0011

OESA-2021-1098

OPENSUSE-SU-2021:1475-1

OPENSUSE-SU-2021:3616-1

OPENSUSE-SU-2021_1475-1

OPENSUSE-SU-2021_3616-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2021:3593-1

SUSE-SU-2021:3616-1

SUSE-SU-2022:0934-1

USN-5124-1

Affected Products

Astra Linux

Gnu Binutils

Linuxmint

Suse

Ubuntu

PT-2020-6702 · Gnu+4 · Gnu Binutils+4

CVE-2020-16592

Weakness Enumeration

Related Identifiers

Affected Products

References · 189