CVE-2020-19726 — Uncontrolled Resource Consumption in Binutils

CWE-400 — Uncontrolled Resource Consumption10 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 73.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedAug 22

Latest updateDec 11

Description

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.37-3+2

▶NVDgnu/binutils2.36

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2023-12-11

▶

OSV

binutils vulnerabilities↗2023-09-18

▶

CVEList

CVE-2020-19726: An issue was discovered in binutils libbfd↗2023-08-22

▶

GHSA

GHSA-r7qv-f5p4-f3qr: An issue was discovered in binutils libbfd↗2023-08-22

▶

OSV

CVE-2020-19726: An issue was discovered in binutils libbfd↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2023-12-11

▶

Ubuntu

GNU binutils vulnerabilities↗2023-09-18

▶

Red Hat

binutils: heap-based buffer overflow in bfd_getl32() in bfd/libbfd.c↗2023-07-14

▶

Debian

CVE-2020-19726: binutils - An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symb...↗2020

▶