PT-2020-6907 · Gnu+7 · Gnu Binutils+7

Published

2020-09-04

Updated

2024-06-15

CVE-2020-35448

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.35.1

Description A heap-based buffer over-read issue was discovered in the Binary File Descriptor (BFD) library, which can occur in bfd getl signed 32 in libbfd.c because sh entsize is not validated in bfd elf slurp secondary reloc section in elf.c. This issue may allow an attacker to gain unauthorized access to protected information.

Recommendations For GNU Binutils version 2.35.1, consider updating to a newer version that contains a fix for this issue, as the current version is affected by a heap-based buffer over-read in the BFD library. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2021:4364

ALT-PU-2021-2153

BDU:2023-05790

CESA-2021_4364

CVE-2020-35448

OPENSUSE-SU-2021:1475-1

OPENSUSE-SU-2021:3616-1

OPENSUSE-SU-2021_1475-1

OPENSUSE-SU-2021_3616-1

OPENSUSE-SU-2024:10651-1

RHSA-2021:4364

RHSA-2021_4364

RLSA-2021:4364

SUSE-SU-2021:3593-1

SUSE-SU-2021:3616-1

SUSE-SU-2022:0934-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Gnu Binutils

Red Hat

Rocky Linux

Suse

PT-2020-6907 · Gnu+7 · Gnu Binutils+7

CVE-2020-35448

Weakness Enumeration

Related Identifiers

Affected Products

References · 185