Vulnerability CVE-2020-16591

Vulnerability Name:

CVE-2020-16591 (CCN-192875)

Assigned:

2020-04-15

Published:

2020-04-15

Updated:

2022-03-23

Summary:

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-16591

Source: XF
Type: UNKNOWN
gnu-binutils-cve202016591-dos(192875)

Source: CONFIRM
Type: Technical Description
https://security.netapp.com/advisory/ntap-20210115-0003/

Source: CCN
Type: Sourceware Bugzilla Bug 25822
Invalid read in process_symbol_table()

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=25822

Source: CCN
Type: Binutils GIT Repository
PR25822, Invalid read in process_symbol_table

Source: MISC
Type: Patch, Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2

Source: CCN
Type: IBM Security Bulletin 6403806 (Netezza Analytics)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6445777 (Netezza Performance Server)
Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server

Source: CCN
Type: IBM Security Bulletin 6453339 (Netezza Analytics for NPS)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:binutils:2.35:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:binutils:2.34:*:*:*:*:*:*:*

AND

cpe:/a:ibm:netezza_analytics:3.3.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7991	P	binutils-devel-32bit-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7446	P	bash-4.4-150400.25.22 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7490	P	emacs-27.2-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7451	P	binutils-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51976	P	Security update for sqlite3 (Moderate)	2022-12-28
oval:org.opensuse.security:def:804	P	Security update for postgresql-jdbc (Important)	2022-10-06
oval:org.opensuse.security:def:95430	P	Security update for gimp (Moderate)	2022-08-01
oval:org.opensuse.security:def:3705	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:3522	P	hardlink-1.0-6.38 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3366	P	socat-1.7.2.4-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94926	P	libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94508	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2878	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94996	P	binutils-devel-32bit-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94634	P	libekmfweb1-2.19.0-150400.5.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:102143	P	Security update for python-paramiko (Moderate)	2022-04-28
oval:org.opensuse.security:def:4585	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:99758	P	(Important)	2022-03-08
oval:org.opensuse.security:def:100069	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112006	P	binutils-2.37-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101639	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:99165	P	(Important)	2021-12-06
oval:org.opensuse.security:def:4517	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:111132	P	Security update for binutils (Moderate)	2021-11-15
oval:org.opensuse.security:def:93584	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1134	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106249	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:10360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92410	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100011	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:6219	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:68535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94406	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:93110	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108305	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74742	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101812	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105660	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9054	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:70500	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102584	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117527	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93769	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1489	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106448	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73733	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92609	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100347	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:68579	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101347	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64611	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93270	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76039	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102069	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105855	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9610	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92020	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99157	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:66971	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99559	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117819	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93983	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:106735	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73916	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92808	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100676	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:111775	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69750	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64794	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:98970	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93428	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:109250	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76376	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:95871	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106050	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92215	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99692	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:5882	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:67308	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:118335	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94195	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108013	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:8859	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69949	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65606	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:31699	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58035	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86676	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23698	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:51686	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:82648	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:125621	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33992	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:60406	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30143	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:56086	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84688	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58859	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:87500	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23988	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83350	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:126788	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:34583	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30263	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57119	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:85760	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33036	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59557	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88211	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55264	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:127185	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31296	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57522	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86163	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33734	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59815	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88528	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:29441	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55966	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84230	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:5145	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:105564	P	binutils-2.37-1.3 on GA media (Moderate)	2021-10-01

BACK