Bug 1911441 (CVE-2020-35495) - CVE-2020-35495 binutils: NULL pointer dereference in bfd_pef_parse_symbols function in bfd/pef.c
Summary: CVE-2020-35495 binutils: NULL pointer dereference in bfd_pef_parse_symbols fu...
Keywords:
Status: NEW
Alias: CVE-2020-35495
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1912295 1912296 1912297 1912298 1912300 1912301 1912302 1912303 1912306 1912308 1912310 1912311 1912321 1912332 1912334 1911442 1911549 1911550 1911551 1911552 1912304 1912305 1912307 1912309 1912312 1912313 1912314 1912315 1912316 1912317 1912318 1912319 1912320 1912322 1912323 1912324 1912325 1912326 1912327 1912329 1912330 1912331 1912333
Blocks: 1908372 1911446
TreeView+ depends on / blocked
 
Reported: 2020-12-29 13:33 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-23 16:19 UTC (History)
25 users (show)

Fixed In Version: binutils 2.34
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-12-29 13:33:21 UTC
GNU Binutils before 2.34 has a NULL pointer deference vulnerability in function bfd_pef_parse_symbols (file bfd/pef.c) which could allow attackers to cause a denial of service.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=25306

Comment 1 Guilherme de Almeida Suckevicz 2020-12-29 13:33:44 UTC
Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1911442]

Comment 2 Todd Cullum 2020-12-30 00:45:18 UTC
Flaw technical summary:

In `bfd_pef_parse_symbols()` of bfd/pef.c, a call is made to `bfd_malloc()` and the return pointer is dereferenced and written to in a call to `bfd_bread()` without first checking to ensure that the pointer does not point to NULL. Due to the fact that a crafted file could cause this allocation to fail, it's possible for an attacker to trigger a NULL pointer dereference.

Comment 3 Todd Cullum 2020-12-30 00:52:38 UTC
Statement:

binutils as shipped with Red Hat Enterprise Linux 8's GCC Toolset 10 and Red Hat Developer Toolset 10 are not affected by this flaw because the versions shipped have already received the patch.


Note You need to log in before you can comment on or make changes to this bug.