PT-2020-6911 · Gnu+5 · Binutils+5

Heqing Huang · Published 2020-07-14 · Updated 2024-10-07 · CVE-2020-19726

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: binutils version 2.36

Description: An issue was discovered in binutils libbfd.c relating to the auxiliary symbol data, allowing attackers to read or write to system memory or cause a denial of service. The vulnerability is also described as a buffer overflow issue in the bfd_getl32 function, which can be exploited by a remote attacker to gain read, modify, or delete access to data or cause a denial of service.

Recommendations: For binutils version 2.36, consider disabling the vulnerable bfd_getl32 function in libbfd.c as a temporary workaround until a patch is available. Restrict access to the auxiliary symbol data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Heap Based Buffer Overflow

Buffer Overflow

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-05851
CVE-2020-19726
OPENSUSE-SU-2023_3825-1
OPENSUSE-SU-2024:13411-1
SUSE-SU-2023:3695-1
SUSE-SU-2023:3825-1
SUSE-SU-2023_3695-1
SUSE-SU-2023_3825-1
USN-6381-1
USN-6544-1

Affected Products

Astra Linux
Debian
Linuxmint
Suse
Ubuntu
Binutils