CVE-2020-35493 (https://sourceware.org/bugzilla/show_bug.cgi?id=25307A):

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2a3559d54602cecfec6d90f792be4a70ad918ab

CVE-2020-35494 (https://sourceware.org/bugzilla/show_bug.cgi?id=25307):

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2c5b6e1a1c406cbe06e2d6f77861764ebd01b9ce

CVE-2020-35495 (https://sourceware.org/bugzilla/show_bug.cgi?id=25306):

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Same fix as next one according to URL.

CVE-2020-35496 (https://sourceware.org/bugzilla/show_bug.cgi?id=25308):

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537

CVE-2020-35507 (https://sourceware.org/bugzilla/show_bug.cgi?id=25308):

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

Same patch as previous.

All patches included in 2.34 tag, so we're waiting for cleanup whenever possible here.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35a10404afc3d5e0db2ef6a052bf82ca30e32094

commit 35a10404afc3d5e0db2ef6a052bf82ca30e32094
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-01-23 18:44:26 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-01-23 18:45:12 +0000

    package.mask: Extend binutils mask

    Bug: https://bugs.gentoo.org/764170
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
All affected packages masked. No cleanup (toolchain). Please proceed.
(In reply to Andreas K. Hüttel from comment #2)
> All affected packages masked. No cleanup (toolchain). Please proceed.

Thanks!
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-24 at https://security.gentoo.org/glsa/202107-24 by GLSA coordinator John Helmert III (ajak).
CVE-2020-35342 (https://sourceware.org/bugzilla/show_bug.cgi?id=25319):

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

CVE-2020-21490 (https://sourceware.org/bugzilla/show_bug.cgi?id=25249):

An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.

CVE-2020-19724 (https://sourceware.org/bugzilla/show_bug.cgi?id=25362):

A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.