CVE-2020-35448
Published: December 27, 2020Last modified: November 8, 2023
Description
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.3 |
Attack Vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
User interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality | LOW |
Integrity impact | NONE |
Availability impact | NONE |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 23 LTS | binutils | Not affected (2.39-r2) |
Stream | binutils | Not affected (2.41-r0) |