CVE-2020-19726 : An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symb

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

Published 2023-08-22 19:16:06

Updated 2024-10-07 19:36:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-19726

GNU » Binutils » Version: 2.36
cpe:2.3:a:gnu:binutils:2.36:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-19726

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-19726

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-10-07
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-19726

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2020-19726

https://sourceware.org/bugzilla/show_bug.cgi?id=26240

26240 – Heap overflow in libbfd.c
Exploit;Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=26241

26241 – Heap overwrite in bfd/peXXigen
Exploit;Issue Tracking

Jump to

Vulnerability Details : CVE-2020-19726

Products affected by CVE-2020-19726

Exploit prediction scoring system (EPSS) score for CVE-2020-19726

CVSS scores for CVE-2020-19726

CWE ids for CVE-2020-19726

References for CVE-2020-19726