PT-2021-7941 · Binutils+3
Guilherme De Almeida Suckevicz · Published 2020-11-18 · Updated 2024-06-15 · CVE-2020-35507
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
binutils versions prior to 2.34
Description
The issue is related to a flaw in the bfd_pef_parse_function_stubs function of bfd/pef.c in binutils, which could allow an attacker to cause a NULL pointer dereference by submitting a crafted file to be processed by objdump. This flaw poses the greatest threat to application availability.
Recommendations
For versions prior to 2.34, update to version 2.34 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the bfd_pef_parse_function_stubs function until a patch is available.
Avoid using objdump to process crafted files until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Suse
Binutils