CVE-2020-16599 - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka lib

CVE-2020-16599

Summary

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

References

Vulnerable Configurations

cpe:2.3:a:gnu:binutils:2.35:*:*:*:*:*:*:*
cpe:2.3:a:gnu:binutils:2.35:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 23-03-2022 - 15:03)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20210122-0003/
misc	https://sourceware.org/bugzilla/show_bug.cgi?id=25842 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4

Last major update

23-03-2022 - 15:03

Published

09-12-2020 - 21:15

Last modified

23-03-2022 - 15:03