CVE-2020-35493Improper Input Validation in Binutils

CWE-20Improper Input ValidationCWE-125Out-of-bounds Read7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 57.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU BinutilsFedoraproject Fedora
Timeline
PublishedJan 4
Latest updateMay 24

Description

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDgnu/binutils< 2.34
Debiangnu/binutils< 2.33.50.20200107-1+3
CVEListV5gnu/binutilsbinutils 2.34

Also affects: Fedora 32

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-w5g7-j55x-m535: A flaw exists in binutils in bfd/pef2022-05-24
OSV
CVE-2020-35493: A flaw exists in binutils in bfd/pef2021-01-04
CVEList
CVE-2020-35493: A flaw exists in binutils in bfd/pef2021-01-04

📋Vendor Advisories

3
Microsoft
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impa2021-01-12
Debian
CVE-2020-35493: binutils - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a craf...2020
Red Hat
binutils: heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file2019-12-21
CVE-2020-35493 — Improper Input Validation in Binutils | cvebase