Use After Free in binutils

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Use After Free. A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

References

ADVISORY
CONFIRM
FEDORA
FEDORA
MISC
MISC

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2020-16592
CWE: CWE-416
Snyk ID: SNYK-DEBIAN10-BINUTILS-1050291
Disclosed: 09 Dec, 2020
Published: 11 Dec, 2020

Use After Free
Affecting binutils package, versions *

Overview

Remediation

References

CVSS Score

Use After Free Affecting binutils package, versions *

Overview

Remediation

References

Use After Free
Affecting binutils package, versions *