Описание
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
Отчет
This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this NULL pointer dereference is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 5 | binutils220 | Will not fix | ||
| Red Hat Enterprise Linux 6 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-binutils | Will not fix | ||
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-34/ansible-tower-memcached | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-35/ansible-tower-memcached | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-37/ansible-tower-memcached-rhel7 | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Enterprise Linux 7 | binutils | Fixed | RHSA-2019:2075 | 06.08.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ...
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
Уязвимость функции work_stuff_copy_to_from компонента cplus-dem.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
3.3 Low
CVSS3