CVE-2020-16599: Null Pointer Dereference
First published: Wed Dec 09 2020(Updated: )
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. External References: <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=25842">https://sourceware.org/bugzilla/show_bug.cgi?id=25842</a> <a href="https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4">https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | =2.35 | |
| Netapp Cloud Backup | ||
| Netapp Hci Management Node | ||
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Solidfire | ||
| redhat/binutils | <2.35 | 2.35 |
Remedy
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sourceware.org/bugzilla/show_bug.cgi?id=25842
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906763
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906764
- https://access.redhat.com/security/cve/cve-2020-16599
- https://bugzilla.redhat.com/show_bug.cgi?id=1906762
- https://www.cve.org/CVERecord?id=CVE-2020-16599 https://nvd.nist.gov/vuln/detail/CVE-2020-16599 https://sourceware.org/bugzilla/show_bug.cgi?id=25842 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
- https://security.netapp.com/advisory/ntap-20210122-0003/
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
Frequently Asked Questions
What is CVE-2020-16599?
CVE-2020-16599 is a Null Pointer Dereference vulnerability in the Binary File Descriptor (BFD) library, as distributed in GNU Binutils 2.35.
How does CVE-2020-16599 affect the affected software?
CVE-2020-16599 can cause a denial of service in the affected software via a crafted file.
What is the severity of CVE-2020-16599?
CVE-2020-16599 has a severity rating of medium with a CVSS score of 5.5.
How can I fix CVE-2020-16599?
To fix CVE-2020-16599, update GNU Binutils to version 2.35 or apply the appropriate patch provided by Red Hat.
Where can I find more information about CVE-2020-16599?
You can find more information about CVE-2020-16599 on the following sources: [sourceware.org/bugzilla/show_bug.cgi?id=25842](sourceware.org/bugzilla/show_bug.cgi?id=25842), [sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4](sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4), [bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906763](bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906763).
- collector/redhat-bugzilla
- alias/CVE-2020-16599
- collector/redhat-cve
- agent/references
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/gnu
- canonical/gnu binutils
- version/gnu binutils/2.35
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp hci management node
- canonical/netapp ontap select deploy administration utility
- canonical/netapp solidfire