Bug 1911441 (CVE-2020-35495)
Summary: | CVE-2020-35495 binutils: NULL pointer dereference in bfd_pef_parse_symbols function in bfd/pef.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adscvr, ailan, cmoore, dvlasenk, erik-fedora, fweimer, gmccullo, jakub, kaycoth, klember, kwalsh, manisandro, marcandre.lureau, mcermak, mpolacek, mprchlik, nickc, ohudlick, rjones, sadams, sipoyare, virt-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | binutils 2.34 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1911442, 1911549, 1911550, 1911551, 1911552, 1912295, 1912296, 1912297, 1912298, 1912300, 1912301, 1912302, 1912303, 1912304, 1912305, 1912306, 1912307, 1912308, 1912309, 1912310, 1912311, 1912312, 1912313, 1912314, 1912315, 1912316, 1912317, 1912318, 1912319, 1912320, 1912321, 1912322, 1912323, 1912324, 1912325, 1912326, 1912327, 1912329, 1912330, 1912331, 1912332, 1912333, 1912334 | ||
Bug Blocks: | 1908372, 1911446 |
Description
Guilherme de Almeida Suckevicz
2020-12-29 13:33:21 UTC
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1911442] Flaw technical summary: In `bfd_pef_parse_symbols()` of bfd/pef.c, a call is made to `bfd_malloc()` and the return pointer is dereferenced and written to in a call to `bfd_bread()` without first checking to ensure that the pointer does not point to NULL. Due to the fact that a crafted file could cause this allocation to fail, it's possible for an attacker to trigger a NULL pointer dereference. Statement: binutils as shipped with Red Hat Enterprise Linux 8's GCC Toolset 10 and Red Hat Developer Toolset 10 are not affected by this flaw because the versions shipped have already received the patch. |