Lucene search

Veracode Vulnerability DatabaseVERACODE:43010

HistoryAug 30, 2023 - 6:35 p.m.

Denial Of Service (DoS)

2023-08-3018:35:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

binutils

vulnerability

libbfd.c

denial of service

memory

attacker

application crash

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.2%

JSON

binutils is vulnerable to Denial Of Service (DoS). The vulnerability exists in the libbfd.c due to the lack of validation in the auxiliary symbol data, which allows an attacker to read or write to system memory or cause an application crash.

CPENameOperatorVersion
binutils:sideq2.35.1-3
binutils:sideq2.35.1-3

CPE	Name	Operator	Version
	binutils:sid	eq	2.35.1-3
	binutils:sid	eq	2.35.1-3

References

security-tracker.debian.org/tracker/CVE-2020-19726

sourceware.org/bugzilla/show_bug.cgi?id=26240

sourceware.org/bugzilla/show_bug.cgi?id=26241

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for VERACODE:43010