Vulnerability-Lookup

CVE-2021-3487 (GCVE-0-2021-3487)

Vulnerability from cvelistv5 – Published: 2021-04-15 13:35 – Updated: 2023-11-20 04:40

Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2023-11-20T04:40:03.158Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3487",
    "datePublished": "2021-04-15T13:35:42.000Z",
    "dateRejected": "2023-11-20T04:39:33.907Z",
    "dateReserved": "2021-04-08T00:00:00.000Z",
    "dateUpdated": "2023-11-20T04:40:03.158Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-3487\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-04-15T14:15:17.310\",\"lastModified\":\"2023-11-20T05:15:08.150\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt\"}],\"metrics\":{},\"references\":[]}}"
  }
}

alsa-2021:4364

Vulnerability from osv_almalinux

Published

2021-11-09 09:11

Modified

2021-11-12 10:20

Summary

Moderate: binutils security update

Details

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)
binutils: Race window allows users to own arbitrary files (CVE-2021-20197)
binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)
binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://vulners.com/cve/CVE-2020-35448	REPORT
	https://vulners.com/cve/CVE-2021-20197	REPORT
	https://vulners.com/cve/CVE-2021-20284	REPORT
	https://vulners.com/cve/CVE-2021-3487	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "binutils-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.30-108.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Excessive debug section size can cause excessive memory consumption in bfd\u0027s dwarf2.c read_section() (CVE-2021-3487)\n\n* binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n* binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n* binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:4364",
  "modified": "2021-11-12T10:20:56Z",
  "published": "2021-11-09T09:11:20Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-35448"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-20197"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-20284"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3487"
    }
  ],
  "related": [
    "CVE-2021-3487",
    "CVE-2021-20197",
    "CVE-2020-35448",
    "CVE-2021-20284"
  ],
  "summary": "Moderate: binutils security update"
}

BDU:2022-05843

Vulnerability from fstec - Published: 25.11.2020

Title

Уязвимость функции read_section() компонента dwarf2.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции read_section() компонента dwarf2.c программного средства разработки GNU Binutils связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально созданного файла

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», GNU General Public License

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), GNU Binutils

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), до 2.36 (GNU Binutils), 4.7 (Astra Linux Special Edition)

Possible Mitigations

Для Binutils: использование рекомендаций производителя: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-3487 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-3487 https://security-tracker.debian.org/tracker/CVE-2021-3487 https://sourceware.org/bugzilla/show_bug.cgi?id=26946 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, GNU General Public License",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u0434\u043e 2.36 (GNU Binutils), 4.7 (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Binutils:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-3487\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05843",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-3487",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), GNU Binutils",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 read_section() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 dwarf2.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 read_section() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 dwarf2.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2021-3487\nhttps://security-tracker.debian.org/tracker/CVE-2021-3487\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=26946\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CERTFR-2022-AVI-650

Vulnerability from certfr_avis - Published: 2022-07-15 - Updated: 2022-07-15

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2
Juniper Networks	Junos OS	Junos OS versions 21.1.x antérieures à 21.1R3-S1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO
Juniper Networks	Junos OS	Junos OS versions 18.3.x antérieures à 18.3R3-S6
Juniper Networks	Junos OS	Junos OS versions 17.3.x antérieures à 17.3R3-S12
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3
Juniper Networks	Junos Space	Junos Space versions antérieures à 22.1R1
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2
Juniper Networks	Junos OS	Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	N/A	Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1
Juniper Networks	Junos OS	Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8
Juniper Networks	Junos OS	Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions supérieures à 20.1R1
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	Junos OS	Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8
Juniper Networks	Junos OS	Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3
Juniper Networks	Junos OS	Junos OS versions 20.2.x antérieures à 20.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1
Juniper Networks	Junos OS	Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à 21.4.0
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8
Juniper Networks	N/A	Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8
Juniper Networks	Junos OS	Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9
Juniper Networks	Junos OS	Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2
Juniper Networks	Junos OS	Junos OS versions 20.3.x antérieures à 20.3R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3
Juniper Networks	Junos OS	Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3
Juniper Networks	Junos OS	Junos OS versions 15.1.x antérieures à 15.1R7-S10
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S3-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S21
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8
Juniper Networks	Junos OS	Junos OS versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	N/A	Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3
Juniper Networks	Junos OS	Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3

References

Title

Publication Time

cleanstart-2026-hf39630

Vulnerability from cleanstart

Published

2026-01-30 17:20

Modified

2026-01-29 18:58

Summary

potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf

Details

Multiple security vulnerabilities affect the $pkgname-$CTARGET_ARCH package. A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2018-19931	WEB
	https://osv.dev/vulnerability/CVE-2018-19932	WEB
	https://osv.dev/vulnerability/CVE-2018-20002	WEB
	https://osv.dev/vulnerability/CVE-2018-20712	WEB
	https://osv.dev/vulnerability/CVE-2021-3487	WEB
	https://osv.dev/vulnerability/CVE-2022-38126	WEB
	https://osv.dev/vulnerability/CVE-2022-38533	WEB
	https://osv.dev/vulnerability/CVE-2023-1579	WEB
	https://osv.dev/vulnerability/CVE-2023-1972	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-19931	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-19932	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-20002	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-20712	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-3487	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-38126	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-38533	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-1579	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-1972	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "$pkgname-$CTARGET_ARCH"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40-r10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the $pkgname-$CTARGET_ARCH package. A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-HF39630",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T17:20:56.632450Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-HF39630"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-19931"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-19932"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-20002"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-20712"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-3487"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-38126"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-38533"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-1579"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-1972"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19931"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19932"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20002"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20712"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3487"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38126"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38533"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1579"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1972"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf",
  "upstream": [
    "CVE-2018-19931",
    "CVE-2018-19932",
    "CVE-2018-20002",
    "CVE-2018-20712",
    "CVE-2021-3487",
    "CVE-2022-38126",
    "CVE-2022-38533",
    "CVE-2023-1579",
    "CVE-2023-1972"
  ]
}

CNVD-2021-36681

Vulnerability from cnvd - Published: 2021-05-24

Title

GNU Binutils资源管理错误漏洞

Description

GNU Binutils（GNU Binary Utilities或binutils）是GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件，并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils BFD library 2.36之前版本存在资源管理错误漏洞，攻击者可利用该漏洞通过过度消耗内存对系统可用性造成影响。

Severity

高

Patch Name

GNU Binutils资源管理错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://bugzilla.redhat.com/show_bug.cgi?id=1947111

Reference

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/

Impacted products

Name
GNU Binutils <2.36

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3487",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3487"
    }
  },
  "description": "GNU Binutils\uff08GNU Binary Utilities\u6216binutils\uff09\u662fGNU\u793e\u533a\u7684\u5f00\u53d1\u7684\u4e00\u7ec4\u7f16\u7a0b\u8bed\u8a00\u5de5\u5177\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u4e3b\u8981\u7528\u4e8e\u5904\u7406\u591a\u79cd\u683c\u5f0f\u7684\u76ee\u6807\u6587\u4ef6\uff0c\u5e76\u63d0\u4f9b\u6709\u8fde\u63a5\u5668\u3001\u6c47\u7f16\u5668\u548c\u5176\u4ed6\u7528\u4e8e\u76ee\u6807\u6587\u4ef6\u548c\u6863\u6848\u7684\u5de5\u5177\u3002\n\nGNU Binutils BFD library 2.36\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fc7\u5ea6\u6d88\u8017\u5185\u5b58\u5bf9\u7cfb\u7edf\u53ef\u7528\u6027\u9020\u6210\u5f71\u54cd\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://bugzilla.redhat.com/show_bug.cgi?id=1947111",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-36681",
  "openTime": "2021-05-24",
  "patchDescription": "GNU Binutils\uff08GNU Binary Utilities\u6216binutils\uff09\u662fGNU\u793e\u533a\u7684\u5f00\u53d1\u7684\u4e00\u7ec4\u7f16\u7a0b\u8bed\u8a00\u5de5\u5177\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u4e3b\u8981\u7528\u4e8e\u5904\u7406\u591a\u79cd\u683c\u5f0f\u7684\u76ee\u6807\u6587\u4ef6\uff0c\u5e76\u63d0\u4f9b\u6709\u8fde\u63a5\u5668\u3001\u6c47\u7f16\u5668\u548c\u5176\u4ed6\u7528\u4e8e\u76ee\u6807\u6587\u4ef6\u548c\u6863\u6848\u7684\u5de5\u5177\u3002\r\n\r\nGNU Binutils BFD library 2.36\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fc7\u5ea6\u6d88\u8017\u5185\u5b58\u5bf9\u7cfb\u7edf\u53ef\u7528\u6027\u9020\u6210\u5f71\u54cd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNU Binutils\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNU Binutils \u003c2.36"
  },
  "referenceLink": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/",
  "serverity": "\u9ad8",
  "submitTime": "2021-05-08",
  "title": "GNU Binutils\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2021-3487

Vulnerability from fkie_nvd - Published: 2021-04-15 14:15 - Updated: 2023-11-20 05:15

Severity

Summary

Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt"
    }
  ],
  "id": "CVE-2021-3487",
  "lastModified": "2023-11-20T05:15:08.150",
  "metrics": {},
  "published": "2021-04-15T14:15:17.310",
  "references": [],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Rejected"
}

GHSA-PXX9-QGHC-QJ98

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-08-16 00:00

Details

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-15T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "There\u0027s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
  "id": "GHSA-pxx9-qghc-qj98",
  "modified": "2022-08-16T00:00:42Z",
  "published": "2022-05-24T17:47:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3487"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-30"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-3487

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

** REJECT ** Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Aliases

CVE-2021-3487

Aliases

CVE-2021-3487

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-3487",
    "description": "There\u0027s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
    "id": "GSD-2021-3487",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-3487.html",
      "https://access.redhat.com/errata/RHSA-2021:4364",
      "https://ubuntu.com/security/CVE-2021-3487",
      "https://advisories.mageia.org/CVE-2021-3487.html",
      "https://security.archlinux.org/CVE-2021-3487",
      "https://linux.oracle.com/cve/CVE-2021-3487.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3487"
      ],
      "details": "** REJECT ** Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt",
      "id": "GSD-2021-3487",
      "modified": "2023-12-13T01:23:34.890689Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-3487",
        "STATE": "REJECT"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** REJECT ** Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.36",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3487"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There\u0027s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111"
            },
            {
              "name": "FEDORA-2021-d23d016509",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/"
            },
            {
              "name": "FEDORA-2021-9bd201dd4d",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
            },
            {
              "name": "FEDORA-2021-7ca24ddc86",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/"
            },
            {
              "name": "GLSA-202208-30",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-30"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-27T12:45Z",
      "publishedDate": "2021-04-15T14:15Z"
    }
  }
}

MSRC_CVE-2021-3487

Vulnerability from csaf_microsoft - Published: 2021-04-02 00:00 - Updated: 2023-03-10 00:00

Summary

Rejected reason: Non Security Issue. See the binutils security policy for more details https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2021-3487

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 19059-16820		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 16820-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-3487 Rejected reason: Non Security Issue. See the binutils security policy for more details https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-3487.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Rejected reason: Non Security Issue. See the binutils security policy for more details https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt",
    "tracking": {
      "current_release_date": "2023-03-10T00:00:00.000Z",
      "generator": {
        "date": "2025-12-27T18:58:05.450Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-3487",
      "initial_release_date": "2021-04-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-04-23T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-03-10T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 binutils 2.36.1-1",
                "product": {
                  "name": "\u003ccm1 binutils 2.36.1-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 binutils 2.36.1-1",
                "product": {
                  "name": "cm1 binutils 2.36.1-1",
                  "product_id": "19059"
                }
              }
            ],
            "category": "product_name",
            "name": "binutils"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 binutils 2.36.1-1 as a component of CBL Mariner 1.0",
          "product_id": "16820-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 binutils 2.36.1-1 as a component of CBL Mariner 1.0",
          "product_id": "19059-16820"
        },
        "product_reference": "19059",
        "relates_to_product_reference": "16820"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3487",
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19059-16820"
        ],
        "known_affected": [
          "16820-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-3487 Rejected reason: Non Security Issue. See the binutils security policy for more details https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-3487.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-23T00:00:00.000Z",
          "details": "2.36.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "Rejected reason: Non Security Issue. See the binutils security policy for more details https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt"
    }
  ]
}

OPENSUSE-SU-2021:1475-1

Vulnerability from csaf_opensuse - Published: 2021-11-15 09:07 - Updated: 2021-11-15 09:07

Summary

Security update for binutils

Severity

Moderate

Notes

Title of the patch: Security update for binutils

Description of the patch: This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: - General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. - X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. - ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. Other fixes: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)

Patchnames: openSUSE-2021-1475

CVE-2020-16590

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-16591

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-16592

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-16593

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-16598

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-16599

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35448

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35493

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35496

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-35507

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-20197

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-20284

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-20294

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3487

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

67 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1179898	self
https://bugzilla.suse.com/1179899	self
https://bugzilla.suse.com/1179900	self
https://bugzilla.suse.com/1179901	self
https://bugzilla.suse.com/1179902	self
https://bugzilla.suse.com/1179903	self
https://bugzilla.suse.com/1180451	self
https://bugzilla.suse.com/1180454	self
https://bugzilla.suse.com/1180461	self
https://bugzilla.suse.com/1181452	self
https://bugzilla.suse.com/1182252	self
https://bugzilla.suse.com/1183511	self
https://bugzilla.suse.com/1183909	self
https://bugzilla.suse.com/1184519	self
https://bugzilla.suse.com/1184620	self
https://bugzilla.suse.com/1184794	self
https://bugzilla.suse.com/1188941	self
https://bugzilla.suse.com/1191473	self
https://bugzilla.suse.com/1192267	self
https://www.suse.com/security/cve/CVE-2020-16590/	self
https://www.suse.com/security/cve/CVE-2020-16591/	self
https://www.suse.com/security/cve/CVE-2020-16592/	self
https://www.suse.com/security/cve/CVE-2020-16593/	self
https://www.suse.com/security/cve/CVE-2020-16598/	self
https://www.suse.com/security/cve/CVE-2020-16599/	self
https://www.suse.com/security/cve/CVE-2020-35448/	self
https://www.suse.com/security/cve/CVE-2020-35493/	self
https://www.suse.com/security/cve/CVE-2020-35496/	self
https://www.suse.com/security/cve/CVE-2020-35507/	self
https://www.suse.com/security/cve/CVE-2021-20197/	self
https://www.suse.com/security/cve/CVE-2021-20284/	self
https://www.suse.com/security/cve/CVE-2021-20294/	self
https://www.suse.com/security/cve/CVE-2021-3487/	self
https://www.suse.com/security/cve/CVE-2020-16590	external
https://bugzilla.suse.com/1179898	external
https://www.suse.com/security/cve/CVE-2020-16591	external
https://bugzilla.suse.com/1179899	external
https://www.suse.com/security/cve/CVE-2020-16592	external
https://bugzilla.suse.com/1179900	external
https://www.suse.com/security/cve/CVE-2020-16593	external
https://bugzilla.suse.com/1179901	external
https://www.suse.com/security/cve/CVE-2020-16598	external
https://bugzilla.suse.com/1179902	external
https://www.suse.com/security/cve/CVE-2020-16599	external
https://bugzilla.suse.com/1179903	external
https://bugzilla.suse.com/1206080	external
https://www.suse.com/security/cve/CVE-2020-35448	external
https://bugzilla.suse.com/1184794	external
https://www.suse.com/security/cve/CVE-2020-35493	external
https://bugzilla.suse.com/1180451	external
https://www.suse.com/security/cve/CVE-2020-35496	external
https://bugzilla.suse.com/1180454	external
https://www.suse.com/security/cve/CVE-2020-35507	external
https://bugzilla.suse.com/1180461	external
https://www.suse.com/security/cve/CVE-2021-20197	external
https://bugzilla.suse.com/1181452	external
https://www.suse.com/security/cve/CVE-2021-20284	external
https://bugzilla.suse.com/1183511	external
https://www.suse.com/security/cve/CVE-2021-20294	external
https://bugzilla.suse.com/1184519	external
https://bugzilla.suse.com/1196680	external
https://www.suse.com/security/cve/CVE-2021-3487	external
https://bugzilla.suse.com/1184620	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for binutils",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for binutils fixes the following issues:\n\nUpdate to binutils 2.37:\n\n* The GNU Binutils sources now requires a C99 compiler and library to\n  build.\n* Support for Realm Management Extension (RME) for AArch64 has been\n  added.\n* A new linker option \u0027-z report-relative-reloc\u0027 for x86 ELF targets\n  has been added to report dynamic relative relocations.\n* A new linker option \u0027-z start-stop-gc\u0027 has been added to disable\n  special treatment of __start_*/__stop_* references when\n  --gc-sections.\n* A new linker options \u0027-Bno-symbolic\u0027 has been added which will\n  cancel the \u0027-Bsymbolic\u0027 and \u0027-Bsymbolic-functions\u0027 options.\n* The readelf tool has a new command line option which can be used to\n  specify how the numeric values of symbols are reported.\n  --sym-base=0|8|10|16 tells readelf to display the values in base 8,\n  base 10 or base 16.  A sym base of 0 represents the default action\n  of displaying values under 10000 in base 10 and values above that in\n  base 16.\n* A new format has been added to the nm program.  Specifying\n  \u0027--format=just-symbols\u0027 (or just using -j) will tell the program to\n  only display symbol names and nothing else.\n* A new command line option \u0027--keep-section-symbols\u0027 has been added to\n  objcopy and strip.  This stops the removal of unused section symbols\n  when the file is copied.  Removing these symbols saves space, but\n  sometimes they are needed by other tools.\n* The \u0027--weaken\u0027, \u0027--weaken-symbol\u0027 and \u0027--weaken-symbols\u0027 options\n  supported by objcopy now make undefined symbols weak on targets that\n  support weak symbols. \n* Readelf and objdump can now display and use the contents of .debug_sup\n  sections.\n* Readelf and objdump will now follow links to separate debug info\n  files by default.  This behaviour can be stopped via the use of the\n  new \u0027-wN\u0027 or \u0027--debug-dump=no-follow-links\u0027 options for readelf and\n  the \u0027-WN\u0027 or \u0027--dwarf=no-follow-links\u0027 options for objdump.  Also\n  the old behaviour can be restored by the use of the\n  \u0027--enable-follow-debug-links=no\u0027 configure time option.\n\n  The semantics of the =follow-links option have also been slightly\n  changed.  When enabled, the option allows for the loading of symbol\n  tables and string tables from the separate files which can be used\n  to enhance the information displayed when dumping other sections,\n  but it does not automatically imply that information from the\n  separate files should be displayed.\n\n  If other debug section display options are also enabled (eg\n  \u0027--debug-dump=info\u0027) then the contents of matching sections in both\n  the main file and the separate debuginfo file *will* be displayed.\n  This is because in most cases the debug section will only be present\n  in one of the files.\n\n  If however non-debug section display options are enabled (eg\n  \u0027--sections\u0027) then the contents of matching parts of the separate\n  debuginfo file will *not* be displayed.  This is because in most\n  cases the user probably only wanted to load the symbol information\n  from the separate debuginfo file.  In order to change this behaviour\n  a new command line option --process-links can be used.  This will\n  allow di0pslay options to applied to both the main file and any\n  separate debuginfo files.\n\n* Nm has a new command line option: \u0027--quiet\u0027.  This suppresses \u0027no\n  symbols\u0027 diagnostic.\n\nUpdate to binutils 2.36:\n\nNew features in the Assembler:\n\n- General:\n\n   * When setting the link order attribute of ELF sections, it is now\n     possible to use a numeric section index instead of symbol name.\n   * Added a .nop directive to generate a single no-op instruction in\n     a target neutral manner.  This instruction does have an effect on\n     DWARF line number generation, if that is active.\n   * Removed --reduce-memory-overheads and --hash-size as gas now\n     uses hash tables that can be expand and shrink automatically.\n\n- X86/x86_64:\n\n   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key\n     Locker instructions. \n   * Support non-absolute segment values for lcall and ljmp.\n   * Add {disp16} pseudo prefix to x86 assembler.\n   * Configure with --enable-x86-used-note by default for Linux/x86.\n\n-  ARM/AArch64:\n\n   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,\n     Cortex-R82, Neoverse V1, and Neoverse N2 cores.\n   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded\n     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call\n     Stack Recorder Extension) and BRBE (Branch Record Buffer\n     Extension) system registers.\n   * Add support for Armv8-R and Armv8.7-A ISA extensions.\n   * Add support for DSB memory nXS barrier, WFET and WFIT\n     instruction for Armv8.7.\n   * Add support for +csre feature for -march. Add CSR PDEC\n     instruction for CSRE feature in AArch64.\n   * Add support for +flagm feature for -march in Armv8.4 AArch64.\n   * Add support for +ls64 feature for -march in Armv8.7\n     AArch64. Add atomic 64-byte load/store instructions for this\n     feature. \n   * Add support for +pauth (Pointer Authentication) feature for\n     -march in AArch64.\n\nNew features in the Linker:\n\n  * Add --error-handling-script=\u003cNAME\u003e command line option to allow\n    a helper script to be invoked when an undefined symbol or a\n    missing library is encountered.  This option can be suppressed\n    via the configure time switch: --enable-error-handling-script=no.\n  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark\n    x86-64-{baseline|v[234]} ISA level as needed.\n  * Add -z unique-symbol to avoid duplicated local symbol names.\n  * The creation of PE format DLLs now defaults to using a more\n    secure set of DLL characteristics.\n  * The linker now deduplicates the types in .ctf sections.  The new \n     command-line option --ctf-share-types describes how to do this:\n     its default value, share-unconflicted, produces the most compact\n     output.\n  * The linker now omits the \u0027variable section\u0027 from .ctf sections\n    by default, saving space.  This is almost certainly what you\n    want unless you are working on a project that has its own\n    analogue of symbol tables that are not reflected in the ELF\n    symtabs.\n\nNew features in other binary tools:\n\n  * The ar tool\u0027s previously unused l modifier is now used for\n    specifying dependencies of a static library. The arguments of\n    this option (or --record-libdeps long form option) will be\n    stored verbatim in the __.LIBDEP member of the archive, which\n    the linker may read at link time.\n  * Readelf can now display the contents of LTO symbol table\n    sections when asked to do so via the --lto-syms command line\n    option.\n  * Readelf now accepts the -C command line option to enable the\n    demangling of symbol names.  In addition the --demangle=\u003cstyle\u003e,\n    --no-demangle, --recurse-limit and --no-recurse-limit options\n    are also now availale.\n\nOther fixes:\n\n- For compatibility on old code stream that expect \u0027brcl 0,label\u0027 to\n  not be disassembled as \u0027jgnop label\u0027 on s390x.  (bsc#1192267)\n  This reverts IBM zSeries HLASM support for now.\n- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).\n- Fix empty man-pages from broken release tarball\n- Fixed a memory corruption with rpath option (bsc#1191473).\n- Fixed slow performance of stripping some binaries (bsc#1183909).\n\nThe following security fixes are addressed by the update:\n\n- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).\n- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).\n- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd\u0027s dwarf2.c read_section() (bsc#1184620).\n- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).\n- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).\n- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).\n- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).\n- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).\n- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).\n- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)\n- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).\n- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).\n- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).\n- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-1475",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1475-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:1475-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6RYWEZ5BKTK6UEP6HAB7B466BPC3SMJ/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:1475-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6RYWEZ5BKTK6UEP6HAB7B466BPC3SMJ/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179898",
        "url": "https://bugzilla.suse.com/1179898"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179899",
        "url": "https://bugzilla.suse.com/1179899"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179900",
        "url": "https://bugzilla.suse.com/1179900"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179901",
        "url": "https://bugzilla.suse.com/1179901"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179902",
        "url": "https://bugzilla.suse.com/1179902"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179903",
        "url": "https://bugzilla.suse.com/1179903"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180451",
        "url": "https://bugzilla.suse.com/1180451"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180454",
        "url": "https://bugzilla.suse.com/1180454"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180461",
        "url": "https://bugzilla.suse.com/1180461"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181452",
        "url": "https://bugzilla.suse.com/1181452"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182252",
        "url": "https://bugzilla.suse.com/1182252"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183511",
        "url": "https://bugzilla.suse.com/1183511"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183909",
        "url": "https://bugzilla.suse.com/1183909"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184519",
        "url": "https://bugzilla.suse.com/1184519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184620",
        "url": "https://bugzilla.suse.com/1184620"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184794",
        "url": "https://bugzilla.suse.com/1184794"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188941",
        "url": "https://bugzilla.suse.com/1188941"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191473",
        "url": "https://bugzilla.suse.com/1191473"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192267",
        "url": "https://bugzilla.suse.com/1192267"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16590 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16590/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16591 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16591/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16592 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16592/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16593 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16593/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16598 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16598/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16599 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16599/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35448 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35448/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35493 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35493/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35496 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35496/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35507 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35507/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20197 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20197/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20284 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20284/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20294 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20294/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3487 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3487/"
      }
    ],
    "title": "Security update for binutils",
    "tracking": {
      "current_release_date": "2021-11-15T09:07:38Z",
      "generator": {
        "date": "2021-11-15T09:07:38Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:1475-1",
      "initial_release_date": "2021-11-15T09:07:38Z",
      "revision_history": [
        {
          "date": "2021-11-15T09:07:38Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "binutils-2.37-lp152.4.9.1.i586",
                "product": {
                  "name": "binutils-2.37-lp152.4.9.1.i586",
                  "product_id": "binutils-2.37-lp152.4.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "binutils-devel-2.37-lp152.4.9.1.i586",
                "product": {
                  "name": "binutils-devel-2.37-lp152.4.9.1.i586",
                  "product_id": "binutils-devel-2.37-lp152.4.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "binutils-gold-2.37-lp152.4.9.1.i586",
                "product": {
                  "name": "binutils-gold-2.37-lp152.4.9.1.i586",
                  "product_id": "binutils-gold-2.37-lp152.4.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libctf-nobfd0-2.37-lp152.4.9.1.i586",
                "product": {
                  "name": "libctf-nobfd0-2.37-lp152.4.9.1.i586",
                  "product_id": "libctf-nobfd0-2.37-lp152.4.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libctf0-2.37-lp152.4.9.1.i586",
                "product": {
                  "name": "libctf0-2.37-lp152.4.9.1.i586",
                  "product_id": "libctf0-2.37-lp152.4.9.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
                "product": {
                  "name": "bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
                  "product_id": "bpftrace-tools-0.11.4-lp152.2.7.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "binutils-devel-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "binutils-devel-2.37-lp152.4.9.1.x86_64",
                  "product_id": "binutils-devel-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
                  "product_id": "binutils-devel-32bit-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "binutils-gold-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "binutils-gold-2.37-lp152.4.9.1.x86_64",
                  "product_id": "binutils-gold-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bpftrace-0.11.4-lp152.2.7.1.x86_64",
                "product": {
                  "name": "bpftrace-0.11.4-lp152.2.7.1.x86_64",
                  "product_id": "bpftrace-0.11.4-lp152.2.7.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-arm-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-avr-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-hppa-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-i386-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-ia64-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-m68k-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-mips-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-ppc-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-rx-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-s390-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-s390x-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-sparc-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-spu-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
                  "product_id": "cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
                  "product_id": "libctf-nobfd0-2.37-lp152.4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libctf0-2.37-lp152.4.9.1.x86_64",
                "product": {
                  "name": "libctf0-2.37-lp152.4.9.1.x86_64",
                  "product_id": "libctf0-2.37-lp152.4.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-2.37-lp152.4.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586"
        },
        "product_reference": "binutils-2.37-lp152.4.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-devel-2.37-lp152.4.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586"
        },
        "product_reference": "binutils-devel-2.37-lp152.4.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-devel-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "binutils-devel-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-devel-32bit-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-gold-2.37-lp152.4.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586"
        },
        "product_reference": "binutils-gold-2.37-lp152.4.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "binutils-gold-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "binutils-gold-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftrace-0.11.4-lp152.2.7.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64"
        },
        "product_reference": "bpftrace-0.11.4-lp152.2.7.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftrace-tools-0.11.4-lp152.2.7.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch"
        },
        "product_reference": "bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-arm-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-avr-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-hppa-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-i386-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-ia64-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-m68k-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-mips-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-ppc-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-rx-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-s390-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-s390x-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-sparc-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-spu-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libctf-nobfd0-2.37-lp152.4.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586"
        },
        "product_reference": "libctf-nobfd0-2.37-lp152.4.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libctf-nobfd0-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libctf0-2.37-lp152.4.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586"
        },
        "product_reference": "libctf0-2.37-lp152.4.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libctf0-2.37-lp152.4.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        },
        "product_reference": "libctf0-2.37-lp152.4.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-16590",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16590"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16590",
          "url": "https://www.suse.com/security/cve/CVE-2020-16590"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179898 for CVE-2020-16590",
          "url": "https://bugzilla.suse.com/1179898"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16590"
    },
    {
      "cve": "CVE-2020-16591",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16591"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16591",
          "url": "https://www.suse.com/security/cve/CVE-2020-16591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179899 for CVE-2020-16591",
          "url": "https://bugzilla.suse.com/1179899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16591"
    },
    {
      "cve": "CVE-2020-16592",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16592"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16592",
          "url": "https://www.suse.com/security/cve/CVE-2020-16592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179900 for CVE-2020-16592",
          "url": "https://bugzilla.suse.com/1179900"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16592"
    },
    {
      "cve": "CVE-2020-16593",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16593"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16593",
          "url": "https://www.suse.com/security/cve/CVE-2020-16593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179901 for CVE-2020-16593",
          "url": "https://bugzilla.suse.com/1179901"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16593"
    },
    {
      "cve": "CVE-2020-16598",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16598"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16598",
          "url": "https://www.suse.com/security/cve/CVE-2020-16598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179902 for CVE-2020-16598",
          "url": "https://bugzilla.suse.com/1179902"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16598"
    },
    {
      "cve": "CVE-2020-16599",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16599"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16599",
          "url": "https://www.suse.com/security/cve/CVE-2020-16599"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179903 for CVE-2020-16599",
          "url": "https://bugzilla.suse.com/1179903"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206080 for CVE-2020-16599",
          "url": "https://bugzilla.suse.com/1206080"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16599"
    },
    {
      "cve": "CVE-2020-35448",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35448"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35448",
          "url": "https://www.suse.com/security/cve/CVE-2020-35448"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184794 for CVE-2020-35448",
          "url": "https://bugzilla.suse.com/1184794"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35448"
    },
    {
      "cve": "CVE-2020-35493",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35493"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -\u003e out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35493",
          "url": "https://www.suse.com/security/cve/CVE-2020-35493"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180451 for CVE-2020-35493",
          "url": "https://bugzilla.suse.com/1180451"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35493"
    },
    {
      "cve": "CVE-2020-35496",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35496"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35496",
          "url": "https://www.suse.com/security/cve/CVE-2020-35496"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180454 for CVE-2020-35496",
          "url": "https://bugzilla.suse.com/1180454"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35496"
    },
    {
      "cve": "CVE-2020-35507",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35507"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35507",
          "url": "https://www.suse.com/security/cve/CVE-2020-35507"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180461 for CVE-2020-35507",
          "url": "https://bugzilla.suse.com/1180461"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35507"
    },
    {
      "cve": "CVE-2021-20197",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20197"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20197",
          "url": "https://www.suse.com/security/cve/CVE-2021-20197"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181452 for CVE-2021-20197",
          "url": "https://bugzilla.suse.com/1181452"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-20197"
    },
    {
      "cve": "CVE-2021-20284",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20284"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20284",
          "url": "https://www.suse.com/security/cve/CVE-2021-20284"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183511 for CVE-2021-20284",
          "url": "https://bugzilla.suse.com/1183511"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-20284"
    },
    {
      "cve": "CVE-2021-20294",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20294"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20294",
          "url": "https://www.suse.com/security/cve/CVE-2021-20294"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184519 for CVE-2021-20294",
          "url": "https://bugzilla.suse.com/1184519"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196680 for CVE-2021-20294",
          "url": "https://bugzilla.suse.com/1196680"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-20294"
    },
    {
      "cve": "CVE-2021-3487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
          "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
          "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
          "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3487",
          "url": "https://www.suse.com/security/cve/CVE-2021-3487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184620 for CVE-2021-3487",
          "url": "https://bugzilla.suse.com/1184620"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-devel-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-devel-32bit-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:binutils-gold-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-0.11.4-lp152.2.7.1.x86_64",
            "openSUSE Leap 15.2:bpftrace-tools-0.11.4-lp152.2.7.1.noarch",
            "openSUSE Leap 15.2:cross-aarch64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-arm-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-avr-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-epiphany-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-hppa64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-i386-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ia64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-m68k-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-mips-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-ppc64le-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-riscv64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-rx-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-s390x-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-sparc64-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-spu-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:cross-xtensa-binutils-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf-nobfd0-2.37-lp152.4.9.1.x86_64",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.i586",
            "openSUSE Leap 15.2:libctf0-2.37-lp152.4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:07:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3487"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-3487 (GCVE-0-2021-3487)

Vulnerability from osv_almalinux

Solution

Vulnerability from cleanstart

Tags

Sightings

Nomenclature