CVE-2020-16592: Use After Free
First published: Wed Dec 09 2020(Updated: )
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | =2.34 | |
| NetApp ONTAP Select Deploy administration utility | ||
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
Remedy
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sourceware.org/bugzilla/show_bug.cgi?id=25823
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJIW6KKY2TSLD43XEZXG56WREIIBUIIQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKIMSD5FIC3QFJDKNHR2PSO6JYJGCLHB/
- https://security.netapp.com/advisory/ntap-20210115-0003/
- https://launchpad.net/bugs/cve/CVE-2020-16592
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJIW6KKY2TSLD43XEZXG56WREIIBUIIQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKIMSD5FIC3QFJDKNHR2PSO6JYJGCLHB/
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16592
- https://nvd.nist.gov/vuln/detail/CVE-2020-16592
- https://security-tracker.debian.org/tracker/CVE-2020-16592
- https://ubuntu.com/security/CVE-2020-16592
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-16592.
What is the title of this vulnerability?
The title of this vulnerability is 'A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup'.
What is the description of this vulnerability?
The description of this vulnerability is that a use after free issue exists in the BFD library in GNU Binutils 2.34, which can cause a denial of service via a crafted file.
What software is affected by this vulnerability?
The software affected by this vulnerability includes binutils version 2.30-21ubuntu1~18.04.7, binutils version 2.34-6ubuntu1.3, and binutils version 2.31.1-16.
How can I fix this vulnerability?
To fix this vulnerability, update the binutils package to versions 2.30-21ubuntu1~18.04.7, 2.34-6ubuntu1.3, 2.35.2-2, 2.40-2, or 2.41-5.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-index
- agent/software-canonical-lookup
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/gnu
- canonical/gnu binutils
- version/gnu binutils/2.34
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- package-manager/debian