PT-2020-6906 · Gnu+2 · Gnu Binutils+2

Manh-Dung Nguyen · Published 2020-12-09 · Updated 2024-06-15 · CVE-2020-16590

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: GNU Binutils versions 2.34 through 2.35

Description: A double free vulnerability exists in the Binary File Descriptor (BFD) library (also known as libbfd) in GNU Binutils. The issue is related to an error in the process symbol table function, as demonstrated in readelf, and can be triggered via a crafted file. The vulnerability may allow an attacker to cause a denial of service.

Recommendations: For GNU Binutils version 2.34, consider updating to a version later than 2.35 to resolve the issue. For GNU Binutils version 2.35, as a temporary workaround, consider restricting the use of the process symbol table function in readelf until a patch is available.

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1178
BDU:2023-05787
CVE-2020-16590
OPENSUSE-SU-2021:1475-1
OPENSUSE-SU-2021:3616-1
OPENSUSE-SU-2021_1475-1
OPENSUSE-SU-2021_3616-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2021:3593-1
SUSE-SU-2021:3616-1
SUSE-SU-2021_3616-1
SUSE-SU-2022:0934-1

Affected Products

Alt Linux
Gnu Binutils
Suse