CVE-2020-35448

🗓️ 16 Apr 2021 18:11:57Reported by redhat.comType

An issue in GNU Binutils 2.35.1 BFD library allows heap-based buffer over-read in bfd_getl_signed_32 due to unvalidated sh_entsize in _bfd_elf_slurp_secondary_reloc_sectio

Reporter	Title	Published	Views	Family All 68
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software	6 Aug 202110:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93	14 Mar 202220:12	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs	29 Apr 202502:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics	19 May 202108:06	–	ibm
Tenable Nessus	Amazon Linux 2 : gcc10-binutils (ALAS-2021-1702)	16 Sep 202100:00	–	nessus
Tenable Nessus	AlmaLinux 8 : binutils (ALSA-2021:4364)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : binutils (CESA-2021:4364)	11 Nov 202100:00	–	nessus
Tenable Nessus	GLSA-202107-24 : Binutils: Multiple vulnerabilities	24 Jan 202200:00	–	nessus
Tenable Nessus	MiracleLinux 8 : binutils-2.30-108.el8 (AXSA:2021-2582:05)	20 Jan 202600:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-35448
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Apr 2024 01:10Current

2.1Low risk

Vulners AI Score2.1

CVSS 3.13.3

CVSS 24.3

EPSS0.00327