PT-2020-6908 · Gnu+2 · Gnu Binutils+2

Published

2020-12-09

·

Updated

2024-06-15

·

CVE-2020-16593

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GNU Binutils versions 2.34 through 2.35
Description A Null Pointer Dereference issue exists in the Binary File Descriptor (BFD) library, which can cause a denial of service via a crafted file. The issue is demonstrated in the addr2line tool, specifically in the scan unit for symbols function. This can allow an attacker to cause a service disruption.
Recommendations For GNU Binutils version 2.34, consider disabling the scan unit for symbols function in the BFD library as a temporary workaround until a patch is available. For GNU Binutils version 2.35, consider disabling the scan unit for symbols function in the BFD library as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2023-1178
BDU:2023-05791
CVE-2020-16593
OPENSUSE-SU-2021:1475-1
OPENSUSE-SU-2021:3616-1
OPENSUSE-SU-2021_1475-1
OPENSUSE-SU-2021_3616-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2021:3593-1
SUSE-SU-2021:3616-1
SUSE-SU-2022:0934-1

Affected Products

Alt Linux
Gnu Binutils
Suse