Vulnerability CVE-2020-35493

Vulnerability Name:

CVE-2020-35493 (CCN-194222)

Assigned:

2020-12-29

Published:

2020-12-29

Updated:

2022-09-02

Summary:

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-20
CWE-125
CWE-122

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-35493

Source: CCN
Type: Red Hat Bugzilla - Bug 1911437
(CVE-2020-35493) - CVE-2020-35493 binutils: heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1911437

Source: XF
Type: UNKNOWN
binutils-cve202035493-dos(194222)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-28c78a6ac3

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-24

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210212-0007/

Source: CCN
Type: GNU Binutils Web site
Fix potential illegal memory access when parsing a corrupt PEF format file

Source: CCN
Type: IBM Security Bulletin 6403806 (Netezza Analytics)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6445777 (Netezza Performance Server)
Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server

Source: CCN
Type: IBM Security Bulletin 6453339 (Netezza Analytics for NPS)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:binutils:*:*:*:*:*:*:*:* (Version < 2.34)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire_&_hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire,_enterprise_sds_&_hci_storage_node:-:*:*:*:*:*:*:*

OR cpe:/o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:binutils:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:netezza_analytics:3.3.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7991	P	binutils-devel-32bit-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7446	P	bash-4.4-150400.25.22 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7490	P	emacs-27.2-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7451	P	binutils-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51976	P	Security update for sqlite3 (Moderate)	2022-12-28
oval:org.opensuse.security:def:804	P	Security update for postgresql-jdbc (Important)	2022-10-06
oval:org.opensuse.security:def:95430	P	Security update for gimp (Moderate)	2022-08-01
oval:org.opensuse.security:def:3705	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:3522	P	hardlink-1.0-6.38 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3366	P	socat-1.7.2.4-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94926	P	libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94508	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2878	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94996	P	binutils-devel-32bit-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94634	P	libekmfweb1-2.19.0-150400.5.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:102143	P	Security update for python-paramiko (Moderate)	2022-04-28
oval:org.opensuse.security:def:4585	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:99758	P	(Important)	2022-03-08
oval:org.opensuse.security:def:100069	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112006	P	binutils-2.37-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101639	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:99165	P	(Important)	2021-12-06
oval:org.opensuse.security:def:4517	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:111132	P	Security update for binutils (Moderate)	2021-11-15
oval:org.opensuse.security:def:93584	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1134	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106249	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:10360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92410	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100011	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:6219	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:68535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94406	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:93110	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108305	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74742	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101812	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105660	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9054	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:70500	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102584	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117527	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93769	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:1489	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106448	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73733	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92609	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100347	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:68579	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101347	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64611	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93270	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76039	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:102069	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:105855	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9610	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92020	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99157	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:66971	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99559	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:117819	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93983	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:106735	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:73916	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92808	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:100676	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:111775	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69750	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:64794	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:98970	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:93428	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:109250	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:76376	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:95871	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106050	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9809	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:92215	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:99692	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:5882	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:67308	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:118335	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:94195	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:108013	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74674	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:101535	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:8859	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:69949	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:65606	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:31699	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58035	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86676	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23698	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:51686	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:82648	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:125621	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33992	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:60406	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30143	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:56086	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84688	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:58859	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:87500	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:23988	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83350	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:126788	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:34583	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:89470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30263	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57119	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:85760	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33036	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59557	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88211	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55264	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:83470	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:127185	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31296	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:57522	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:86163	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33734	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:59815	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:88528	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:29441	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:55966	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:84230	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:5145	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:105564	P	binutils-2.37-1.3 on GA media (Moderate)	2021-10-01

BACK