Veracode Vulnerability DatabaseVERACODE:26830Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
binutils:bionic is vulnerable to denial of service (DoS). An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing ‘\0’ character.
| CPE | Name | Operator | Version |
|---|---|---|---|
| binutils:bionic | eq | 2.30-15ubuntu1 | |
| binutils:bionic | eq | 2.30-15ubuntu1 |
References
lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html
lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html
www.securityfocus.com/bid/108903
security.gentoo.org/glsa/202007-39
sourceware.org/bugzilla/show_bug.cgi?id=24689
sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
usn.ubuntu.com/4336-1/
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P