CVE-2020-16599: NULL Pointer Dereference in Binutils

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 77.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9; Latest update Jun 20

Description

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Debian: gnu/binutils < 2.35-1 (+3)
CVEListV5: gnu/binutils, binutils 2.39-7
NVD: gnu/binutils 2.35
Ubuntu: gnu/gdb < 9.2-0ubuntu1~20.04.2 (+3)

Patches

🔴 Vulnerability Details (4)

OSV (2024-06-20): gdb vulnerabilities
GHSA (2022-05-24): GHSA-77qx-69hx-pmqh: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2
OSV (2020-12-09): CVE-2020-16599: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2
CVEList (2020-12-09): CVE-2020-16599: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2

📋 Vendor Advisories (5)

Ubuntu (2024-06-20): gdb vulnerabilities
Microsoft (2023-01-10): An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an inc
Red Hat (2022-10-19): binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
Red Hat (2020-12-10): binutils: Null Pointer Dereference in _bfd_elf_get_symbol_version_string could result in DoS
Debian (2020): CVE-2020-16599: binutils - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (B...
CVE-2020-16599 — NULL Pointer Dereference in Binutils | cvebase