First published: Tue Aug 22 2023(Updated: )
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | <2.34 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=805f38bc551de820bcd7b31d3c5731ae27cf853a
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-19724 is medium, with a CVSS score of 5.5.
CVE-2020-19724 affects GNU Binutils versions before 2.34.
Attackers can exploit CVE-2020-19724 by causing a denial of service through a crafted command.
Yes, updated versions of GNU Binutils (2.35.2-2, 2.40-2, and 2.41-5) are available to address CVE-2020-19724.
More information about CVE-2020-19724 can be found at the following references: [Link 1](https://sourceware.org/bugzilla/show_bug.cgi?id=25362), [Link 2](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=805f38bc551de820bcd7b31d3c5731ae27cf853a), [Link 3](https://launchpad.net/bugs/cve/CVE-2020-19724).