Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-35496

Опубликовано: 22 дек. 2019
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

A flaw was found in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

Отчет

Red Hat has determined this vulnerability to be of low impact, as it can only be triggered by tricking the objdump program into disassembling a corrupt input file, which will only cause the program to fail. binutils as shipped with Red Hat Enterprise Linux 8's GCC Toolset 10 and Red Hat Developer Toolset 10 are not affected by this flaw because the versions shipped have already received the patch.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6binutilsOut of support scope
Red Hat Enterprise Linux 7binutilsOut of support scope
Red Hat Enterprise Linux 8binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-10-binutilsNot affected
Red Hat Enterprise Linux 8gcc-toolset-9-binutilsFix deferred
Red Hat Enterprise Linux 9binutilsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1911444binutils: NULL pointer dereference in bfd_pef_scan_start_address function in bfd/pef.c

EPSS

Процентиль: 43%
0.00205
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-35496

CVSS3: 5.5
ubuntu
около 5 лет назад

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

nvd логотип

CVE-2020-35496

CVSS3: 5.5
nvd
около 5 лет назад

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

msrc логотип

CVE-2020-35496

CVSS3: 5.5
msrc
около 5 лет назад

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

debian логотип

CVE-2020-35496

CVSS3: 5.5
debian
около 5 лет назад

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutil ...

github логотип

GHSA-grgx-vvhc-gxxr

CVSS3: 5.5
github
больше 3 лет назад

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

EPSS

Процентиль: 43%
0.00205
Низкий

5.5 Medium

CVSS3