CVE-2020-35494

Published: January 4, 2021Last modified: July 22, 2025

Description

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

Severity score breakdown

Parameter	Value
Base score	6.1
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	LOW
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	binutils	Not affected (2.39-r2)
Alpaquita Linux	Stream	binutils	Not affected (2.41-r0)
Hardened Containers	23 LTS	binutils	Not affected (2.39-r2)
Hardened Containers	Stream	binutils	Not affected (2.41-r0)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1911439
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/
https://security.gentoo.org/glsa/202107-24
https://security.netapp.com/advisory/ntap-20210212-0007/