CVE-2020-35496

CVE	CVE-2020-35496
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-01-04 15:15:00 UTC
Updated	2023-11-07 03:21:00 UTC
Description	There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Problem Types: CWE-476

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Broadcom	Brocade Fabric Operating System Firmware	-	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Application	Gnu	Binutils	All	All	All	All
Application	Gnu	Binutils	All	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Operating System	Netapp	Hci Compute Node Firmware	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Netapp	Solidfire Enterprise Sds Hci Storage Node	-	All	All	All
Application	Netapp	Solidfire Hci Management Node	-	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-9.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
January 2021 GNU Binutils Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-9.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
Binutils: Multiple vulnerabilities (GLSA 202107-24) — Gentoo security	GENTOO	security.gentoo.org
1911444 – (CVE-2020-35496) CVE-2020-35496 binutils: NULL pointer dereference in bfd_pef_scan_start_address function in bfd/pef.c	MISC	bugzilla.redhat.com	Exploit, Issue Tracking, Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

670329 EulerOS Security Update for binutils (EulerOS-SA-2021-1895)
710052 Gentoo Linux Binutils Multiple vulnerabilities (GLSA 202107-24)
751313 SUSE Enterprise Linux Security Update for binutils (SUSE-SU-2021:3593-1)
751321 SUSE Enterprise Linux Security Update for binutils (SUSE-SU-2021:3616-1)
751331 OpenSUSE Security Update for binutils (openSUSE-SU-2021:3616-1)
751350 OpenSUSE Security Update for binutils (openSUSE-SU-2021:1475-1)
751916 SUSE Enterprise Linux Security Update for binutils (SUSE-SU-2022:0934-1)
900216 CBL-Mariner Linux Security Update for binutils 2.32
903481 Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (3717)