CVE-2020-35448

Published: Dec 27, 2020Modified: Jun 17, 2026

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Affected (2)

Products: Gnu: Binutils · Netapp: Ontap Select Deploy Administration Utility

1 product

1 product

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Binutils	Version 2.35.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

https://security.gentoo.org/glsa/202107-24

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210129-0008/

Source: cve@mitre.org

Third Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=26574

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8642dafaef21aa6747cec01df1977e9c52eb4679

Source: cve@mitre.org

https://security.gentoo.org/glsa/202107-24

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210129-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=26574

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8642dafaef21aa6747cec01df1977e9c52eb4679

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.