Memory Leak Vulnerability in GNU Binutils by Free Software Foundation
CVE-2020-21490

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Binutils
Vendor: CVE Published:; 22 August 2023

What is CVE-2020-21490?

A memory leak vulnerability has been identified in GNU Binutils 2.34, stemming from the microblaze-dis.c component. This issue leads to excessive consumption of system memory during the disassembly of each instruction, which can ultimately result in resource exhaustion. It is crucial for users of this product to address this vulnerability to maintain optimal system performance and prevent potential disruption.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=25249

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%...

https://security.netapp.com/advisory/ntap-20230929-0007/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Aug 13, 2020

Gnu

What is CVE-2020-21490?

References

CVSS V3.1

Timeline