Vulnerabilities > CVE-2020-16592 - Use After Free vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2020-12-09

Updated: 2023-11-07

Summary

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Binutils 2.34	1
Application	Netapp Netapp Ontap Select Deploy Administration Utility -	1
OS	Fedoraproject Fedoraproject Fedora 32 Fedoraproject Fedora 33	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://sourceware.org/bugzilla/show_bug.cgi?id=25823
https://security.netapp.com/advisory/ntap-20210115-0003/
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKIMSD5FIC3QFJDKNHR2PSO6JYJGCLHB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJIW6KKY2TSLD43XEZXG56WREIIBUIIQ/