#VU79354 NULL pointer dereference in Binutils - CVE-2020-16599
Vulnerability identifier: #VU79354
Vulnerability risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Binutils
Universal components / Libraries /
Libraries used by multiple products
Vendor: GNU
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in _bfd_elf_get_symbol_version_string. A local attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..
Vulnerable software versions
Binutils: 2.35
External links
https://sourceware.org/bugzilla/show_bug.cgi?id=25842
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
https://security.netapp.com/advisory/ntap-20210122-0003/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
