CVE-2020-16592

CVE	CVE-2020-16592
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-12-09 21:15:00 UTC
Updated	2023-11-07 03:18:00 UTC
Description	A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Application	Gnu	Binutils	2.34	All	All	All
Application	Gnu	Binutils	2.34	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-8.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: mingw-binutils-2.34-4.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
25823 – Use after free in bfd_hash_lookup(), as demonstrated by nm-new	MISC	sourceware.org	Exploit, Issue Tracking, Third Party Advisory
sourceware.org Git - binutils-gdb.git/commit		sourceware.org
sourceware.org Git - binutils-gdb.git/commit	MISC	sourceware.org	Patch, Third Party Advisory
December 2020 GNU Binutils Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] Fedora 33 Update: mingw-binutils-2.34-4.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-8.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

198551 Ubuntu Security Notification for GNU binutils Vulnerabilities (USN-5124-1)
670170 EulerOS Security Update for binutils (EulerOS-SA-2021-1670)
670363 EulerOS Security Update for binutils (EulerOS-SA-2021-1767)
670597 EulerOS Security Update for binutils (EulerOS-SA-2021-2355)
751313 SUSE Enterprise Linux Security Update for binutils (SUSE-SU-2021:3593-1)
751321 SUSE Enterprise Linux Security Update for binutils (SUSE-SU-2021:3616-1)
751331 OpenSUSE Security Update for binutils (openSUSE-SU-2021:3616-1)
751350 OpenSUSE Security Update for binutils (openSUSE-SU-2021:1475-1)
751916 SUSE Enterprise Linux Security Update for binutils (SUSE-SU-2022:0934-1)