PT-2021-7942 · Gnu+3 · Binutils+3

Published: 2020-11-18 · Updated: 2024-06-15 · CVE-2020-35493

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: binutils versions prior to 2.34

Description: The issue is caused by a heap buffer overflow in the bfd_pef_parse_function_stubs function in bfd/pef.c, which leads to an out-of-bounds read. An attacker who can submit a crafted PEF file to be parsed by objdump can trigger it, potentially impacting application availability (denial of service).

Recommendations: For versions prior to 2.34, update to version 2.34 or later to resolve the issue. As a temporary workaround, consider restricting the use of the objdump tool on PEF files from untrusted sources until a patch is applied. Avoid passing untrusted input to the bfd_pef_parse_function_stubs function in bfd/pef.c until the issue is resolved.

Exploit

Fix

Heap Based Buffer Overflow

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2020-3352
ALT-PU-2020-3433
ALT-PU-2021-1230
BDU:2023-05796
CVE-2020-35493
OPENSUSE-SU-2021:1475-1
OPENSUSE-SU-2021:3616-1
OPENSUSE-SU-2021_1475-1
OPENSUSE-SU-2021_3616-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2021:3593-1
SUSE-SU-2021:3616-1
SUSE-SU-2022:0934-1

Affected Products

Alt Linux
Astra Linux
Suse
Binutils