CVE-2020-16599

MEDIUM

GNU Binutils 2.35 - Denial of Service via Crafted File in BFD Library

Title source: llm
STIX 2.1

Description

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

References (3)

Core 3
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=25842
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210122-0003/

Scores

CVSS v3 5.5
EPSS 0.0007
EPSS Percentile 22.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (5)
gnu/binutils 2.35
netapp/cloud_backup
netapp/hci_management_node
netapp/ontap_select_deploy_administration_utility
netapp/solidfire
Published Dec 09, 2020
Tracked Since Feb 18, 2026