CVE-2020-35342 — Vulnetix

CVE-2020-35342 PUBLISHED

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

EPSS 0.08% · 24.4th percentile

Risk Scores

EPSS Score

0.08%

24.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	binutils	2.29.1-8ubuntu1, 2.30-7ubuntu1, 2.30-11ubuntu1
Ubuntu:Pro:16.04:LTS	binutils	2.26.1-1ubuntu1~16.04.8+esm3, 2.26.1-1ubuntu1~16.04.8+esm4, 2.26.1-1ubuntu1~16.04.8+esm5
Ubuntu:Pro:14.04:LTS	binutils	2.24-5ubuntu14, *, 2.24-5ubuntu14.2+esm2

Exploit Intelligence

CIRCL seen: CVE-2020-35342 (circl-sighting)
https://sourceware.org/bugzilla/show_bug.cgi?id=25319 (circl)
https://security.netapp.com/advisory/ntap-20231006-0009/ (circl)

Timeline

Aug 22, 2023 CVE Published
Aug 22, 2023 PoC Published
Aug 23, 2023 EPSS Score
Sep 25, 2023 EPSS Score
Oct 28, 2023 EPSS Score
Nov 30, 2023 EPSS Score
Jan 3, 2024 EPSS Score
Feb 5, 2024 EPSS Score
Mar 9, 2024 EPSS Score
Mar 14, 2024 CVE Updated
Apr 11, 2024 EPSS Score
May 14, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2020-35342 third-party-advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=25319 third-party-advisory
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8c5e259235a4e4546910245b170de1e29a711034 third-party-advisory
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2c5b6e1a1c406cbe06e2d6f77861764ebd01b9ce third-party-advisory
https://ubuntu.com/security/notices/USN-6381-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-35342 third-party-advisory

Open in Interactive Console →