First published: Wed Dec 30 2020
GNU Binutils before 2.34 has a NULL pointer dereference in the bfd_pef_parse_function_stubs function in bfd/pef.c because the return value of bfd_malloc is not checked. This bug allows attackers to cause a denial of service. Reference: <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=25308">https://sourceware.org/bugzilla/show_bug.cgi?id=25308</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/binutils | <2.34 | 2.34 |
GNU Binutils | <2.34 | |
Red Hat Enterprise Linux | =8.0 | |
NetApp HCI Compute Node Firmware | | |
NetApp HCI Compute Node | | |
NetApp Cloud Backup | | |
NetApp ONTAP Select Deploy | | |
NetApp SolidFire, Enterprise SDS & HCI Storage Node | | |
NetApp SolidFire & HCI Management Node | | |
Brocade Fabric OS | | |
CVE-2020-35507 is a vulnerability in the bfd_pef_parse_function_stubs function of the binutils package in versions prior to 2.34.
The severity of CVE-2020-35507 is medium, with a severity value of 5.5.
The binutils package versions prior to 2.34 are affected, as well as Red Hat Enterprise Linux 8.0, GNU Binutils, NetApp HCI Compute Node Firmware, NetApp Cloud Backup, the NetApp ONTAP Select Deploy administration utility, NetApp SolidFire, Enterprise SDS & HCI Storage Node, and Broadcom Brocade Fabric Operating System.
An attacker can exploit CVE-2020-35507 by submitting a crafted file to be processed by objdump, which can cause a NULL pointer dereference.
CVE-2020-35507 can be fixed by updating the binutils package to version 2.34 or newer.
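As an added illustration of the bug class (this is not binutils' code, and the record layout, the `xalloc` failure hook and the `demo_*` wrappers are constructed stand-ins for the PEF stub table and bfd_malloc), a parser that reports allocation failure as an error instead of writing through the NULL pointer that the pre-2.34 bfd_pef_parse_function_stubs missed:

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed record layout for this demo (not binutils' PEF structures):
   a 32-bit little-endian stub count followed by 8-byte records. */
struct stub { uint32_t offset; uint32_t name_idx; };

/* Test hook: when set, the allocator fails, as bfd_malloc does on a rejected size. */
static int fail_alloc = 0;
static void *xalloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

static uint32_t rd32(const uint8_t *p)
{
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the stub count, or -1 on truncated input or allocation failure.
   On success *out is a malloc'd array the caller frees (NULL when the count is 0). */
int parse_stubs(const uint8_t *buf, size_t len, struct stub **out)
{
  *out = NULL;
  if (len < 4) return -1;
  uint32_t count = rd32(buf);
  if (count > (len - 4) / 8) return -1;   /* every record must fit inside the buffer */
  if (count == 0) return 0;               /* skip malloc(0), which may legally return NULL */
  struct stub *stubs = xalloc((size_t)count * sizeof *stubs);
  if (stubs == NULL) return -1;           /* the check missing before binutils 2.34:
                                             without it, stubs[i] below dereferences NULL */
  for (uint32_t i = 0; i < count; i++) {
    stubs[i].offset   = rd32(buf + 4 + i * 8);
    stubs[i].name_idx = rd32(buf + 8 + i * 8);
  }
  *out = stubs;
  return (int)count;
}

/* Constructed sample input: count = 2, records (0x10,1) and (0x20,2). */
static const uint8_t sample[] = { 2,0,0,0, 0x10,0,0,0, 1,0,0,0, 0x20,0,0,0, 2,0,0,0 };

/* Small wrappers so each outcome is a return value rather than printed text. */
int demo_ok(void)            /* returns s[1].offset, i.e. 32, after a successful parse */
{ struct stub *s; int n = parse_stubs(sample, sizeof sample, &s);
  int v = (n == 2) ? (int)s[1].offset : -1; free(s); return v; }
int demo_alloc_fail(void)    /* returns -1: failure reported instead of a NULL write */
{ struct stub *s; fail_alloc = 1; int n = parse_stubs(sample, sizeof sample, &s);
  fail_alloc = 0; return n; }
int demo_truncated(void)     /* returns -1: count claims more records than fit */
{ struct stub *s; return parse_stubs(sample, sizeof sample - 1, &s); }
```

The count-versus-length check matters alongside the NULL test: a crafted count is exactly what drives bfd_malloc to fail in the first place, so rejecting it early keeps objdump-style tools from ever reaching the allocation.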