Vulnerability CVE-2020-16599

Vulnerability Name:

CVE-2020-16599 (CCN-192886)

Assigned:

2020-04-16

Published:

2020-04-16

Updated:

2022-03-23

Summary:

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-16599

Source: XF
Type: UNKNOWN
gnu-binutils-cve202016599-dos(192886)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0003/

Source: CCN
Type: Sourceware Bugzilla Bug 25842
Null pointer dereference in nm-new

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=25842

Source: CCN
Type: Binutils GIT Repository
Re: readelf: Consolidate --syms --use-dynamic with --dyn-syms

Source: MISC
Type: Patch, Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4

Source: CCN
Type: IBM Security Bulletin 6403806 (Netezza Analytics)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6445777 (Netezza Performance Server)
Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server

Source: CCN
Type: IBM Security Bulletin 6453339 (Netezza Analytics for NPS)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:binutils:2.35:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:binutils:2.34:*:*:*:*:*:*:*

AND

cpe:/a:ibm:netezza_analytics:3.3.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7991	P	binutils-devel-32bit-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7446	P	bash-4.4-150400.25.22 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7490	P	emacs-27.2-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7451	P	binutils-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51976	P	Security update for sqlite3 (Moderate)	2022-12-28
oval:org.opensuse.security:def:804	P	Security update for postgresql-jdbc (Important)	2022-10-06
oval:org.opensuse.security:def:95430	P	Security update for gimp (Moderate)	2022-08-01
oval:org.opensuse.security:def:3705	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:3522	P	hardlink-1.0-6.38 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3366	P	socat-1.7.2.4-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94926	P	libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94508	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2878	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94996	P	binutils-devel-32bit-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94634	P	libekmfweb1-2.19.0-150400.5.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:102143	P	Security update for python-paramiko (Moderate)	2022-04-28
oval:org.opensuse.security:def:4585	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:99758	P	(Important)	2022-03-08
oval:org.opensuse.security:def:100069	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112006	P	binutils-2.37-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101639	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:99165	P	(Important)	2021-12-06
oval:org.opensuse.security:def:4517	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:111132	P	Security update for binutils (Moderate)	2021-11-15
oval:org.opensuse.security:def:93584	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1134	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106249	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:10360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92410	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100011	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:6219	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:68535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94406	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:93110	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108305	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74742	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101812	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105660	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9054	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:70500	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102584	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117527	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93769	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1489	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106448	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73733	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92609	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100347	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:68579	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101347	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64611	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93270	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76039	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102069	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105855	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9610	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92020	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99157	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:66971	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99559	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117819	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93983	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:106735	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73916	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92808	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100676	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:111775	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69750	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64794	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:98970	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93428	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:109250	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76376	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:95871	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106050	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92215	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99692	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:5882	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:67308	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:118335	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94195	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108013	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:8859	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69949	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65606	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:31699	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58035	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86676	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23698	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:51686	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:82648	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:125621	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33992	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:60406	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30143	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:56086	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84688	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58859	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:87500	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23988	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83350	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:126788	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:34583	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30263	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57119	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:85760	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33036	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59557	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88211	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55264	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:127185	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31296	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57522	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86163	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33734	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59815	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88528	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:29441	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55966	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84230	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:5145	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:105564	P	binutils-2.37-1.3 on GA media (Moderate)	2021-10-01

BACK