There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P
Vendors Products
Netapp
  • Hci Compute Node Firmware
  • Solidfire\, Enterprise Sds \& Hci Storage Node
  • Cloud Backup
  • Ontap Select Deploy Administration Utility
  • Hci Compute Node
  • Solidfire \& Hci Management Node
Gnu
  • Binutils
Fedoraproject
  • Fedora
Broadcom
  • Brocade Fabric Operating System Firmware

Configuration 1 [-]

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1911439 Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/
https://security.gentoo.org/glsa/202107-24 Third Party Advisory
https://security.netapp.com/advisory/ntap-20210212-0007/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-01-04T14:23:23

Updated: 2021-07-10T04:06:34

Reserved: 2020-12-17T00:00:00

Link: CVE-2020-35494

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2021-01-04T15:15:13.200

Modified: 2023-11-07T03:21:55.540

Link: CVE-2020-35494

JSON object: View

cve-icon Redhat Information

No data.

CWE