CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35495
https://notcve.org/view.php?id=CVE-2020-35495
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /bfd/pef.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911441 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20210212-0007 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35494
https://notcve.org/view.php?id=CVE-2020-35494
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911439 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20210212-0007 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35493
https://notcve.org/view.php?id=CVE-2020-35493
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites que podría tener un impacto en la disponibilidad de la aplicación. • https://bugzilla.redhat.com/show_bug.cgi?id=1911437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20210212-0007 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35448 – binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c
https://notcve.org/view.php?id=CVE-2020-35448
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. Se detectó un problema en la biblioteca Binary File Descriptor (BFD) (también se conoce como libbfd), distribuida en GNU Binutils versión 2.35.1. Una lectura excesiva de búfer en la región heap de la memoria puede ocurrir en la función bfd_getl_signed_32 en el archivo libbfd.c porque sh_entsize no está comprobado en la función _bfd_elf_slurp_secondary_reloc_section en el archivo elf.c • https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20210129-0008 https://sourceware.org/bugzilla/show_bug.cgi?id=26574 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8642dafaef21aa6747cec01df1977e9c52eb4679 https://access.redhat.com/security/cve/CVE-2020-35448 https://bugzilla.redhat.com/show_bug.cgi?id=1950478 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-16599
https://notcve.org/view.php?id=CVE-2020-16599
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. Se presenta una vulnerabilidad de Desreferencia del Puntero Null en la biblioteca Binary File Descriptor (BFD) (también se conoce como libbfd), como se distribuye en GNU Binutils versión 2.35, en _bfd_elf_get_symbol_version_string, como es demostrado en nm-new, que puede causar una denegación de servicio por medio de un archivo diseñado • https://security.netapp.com/advisory/ntap-20210122-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=25842 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4 • CWE-476: NULL Pointer Dereference •