CVE-2020-35496

2021-01-0415:15:14

Google

osv.dev

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

48.1%

JSON

There’s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CPENameOperatorVersion
binutils-gdb.giteqgdb_6_5-branchpoint
binutils-gdb.giteqgdb_7_6-branchpoint
binutils-gdb.giteqgdb-8.0-branchpoint
binutils-gdb.giteqgdb_7_4-branchpoint
binutils-gdb.giteqgdb-7.10-branchpoint
binutils-gdb.giteqgdb-7.9-branchpoint
binutils-gdb.giteqgdb_7_2-branchpoint
binutils-gdb.gitequsers/ARM/embedded-binutils-master-2018q4
binutils-gdb.giteqgdb_6_4-branchpoint
binutils-gdb.giteqgdb-7.12-branchpoint

Name	Operator	Version
binutils-gdb.git	eq	gdb_6_5-branchpoint
binutils-gdb.git	eq	gdb_7_6-branchpoint
binutils-gdb.git	eq	gdb-8.0-branchpoint
binutils-gdb.git	eq	gdb_7_4-branchpoint
binutils-gdb.git	eq	gdb-7.10-branchpoint
binutils-gdb.git	eq	gdb-7.9-branchpoint
binutils-gdb.git	eq	gdb_7_2-branchpoint
binutils-gdb.git	eq	users/ARM/embedded-binutils-master-2018q4
binutils-gdb.git	eq	gdb_6_4-branchpoint
binutils-gdb.git	eq	gdb-7.12-branchpoint