Bug 2233998 (CVE-2020-35342)

Summary: CVE-2020-35342 binutils: uninitialized heap memory in tic4x_print_cond() in opcodes/tic4x-dis.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acrosby, ailan, bdettelb, caswilli, darunesh, desktop-qa-list, fjansen, fweimer, gdb-bugs, hkataria, jburrell, jmitchel, jsamir, jsherril, jtanner, kaycoth, keiths, kshier, mcermak, mpolacek, mprchlik, nickc, ohudlick, psegedy, rjones, sipoyare, sthirugn, tsasak, virt-maint, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
GNU Binutils has an uninitialized-heap vulnerability in function tic4x_print_cond in opcodes/tic4x-dis.c file which could allow attackers to make an information leak.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-09 09:18:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2234000, 2234001, 2234002, 2234225, 2234226, 2234227, 2234228, 2234229, 2234230, 2234231, 2234232, 2234233, 2234234, 2234235, 2234236, 2234237, 2234238, 2234239    
Bug Blocks: 2233947    

Description Guilherme de Almeida Suckevicz 2023-08-23 20:50:25 UTC 
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=25319
Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 20:55:03 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2234000]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2234001]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2234002]