There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

🗓️ 07 Jan 2021 08:00:00Reported by MicrosoftType

Flaw in binutils tic4x-dis.c allows crafted input to trigger uninitialized memory usage in versions before 2.34.

Reporter	Title	Published	Views	Family All 64
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics	13 Jan 202115:48	–	ibm
AlpineLinux	CVE-2020-35494	4 Jan 202115:15	–	alpinelinux
AstraLinux	Astra Linux – Vulnerability in binutils	3 May 202623:59	–	astralinux
BDU FSTEC	The vulnerability of the opcodes/tic4x-dis.c component of the GNU Binutils development environment allows a hacker to trigger a service failure or disclose protected information.	19 Sep 202300:00	–	bdu_fstec
CBLMariner	CVE-2020-35494 affecting package binutils 2.32-5	29 Jan 202107:39	–	cbl_mariner
Circl	CVE-2020-35494	4 Jan 202119:10	–	circl
CNNVD	GNU Binutils 安全漏洞	4 Jan 202100:00	–	cnnvd
CNVD	GNU Binutils Uninitialized Memory Usage Vulnerability	5 Jan 202100:00	–	cnvd

Vulners

Node

07 Jan 2021 08:00Current

7High risk

Vulners AI Score7

CVSS 25.8

CVSS 3.16.1

EPSS0.00371