CVE-2020-35448 in Binutils
Summary
by MITRE • 12/27/2020
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/05/2026
The vulnerability resides within the Binary File Descriptor library commonly known as BFD, which is a core component of GNU Binutils and serves as a universal interface for reading and writing binary files across various formats. This specific issue affects version 2.35.1 of the library and represents a heap-based buffer over-read condition that can be exploited by malicious actors to potentially execute arbitrary code or cause system instability. The flaw manifests in the bfd_getl_signed_32 function within libbfd.c, which processes signed 32-bit values from binary data streams.
The technical root cause stems from inadequate validation of the sh_entsize field within the _bfd_elf_slurp_secondary_reloc_section function found in elf.c. This field typically represents the size of entries in a section and is crucial for proper memory allocation and data parsing operations. When processing ELF (Executable and Linkable Format) files, the library fails to properly validate whether the sh_entsize value falls within acceptable bounds before using it to determine buffer sizes for memory operations. This lack of validation creates a scenario where an attacker can craft malicious ELF files with malformed sh_entsize values that cause the program to read beyond allocated heap memory regions.
The operational impact of this vulnerability extends across numerous systems and applications that rely on GNU Binutils for binary file processing, including but not limited to software development tools, security analysis frameworks, and system administration utilities. When exploited, this buffer over-read could lead to information disclosure, denial of service conditions, or potentially remote code execution depending on the specific attack vector and system configuration. The vulnerability is particularly concerning because it affects a foundational library that many other security tools and development environments depend upon, creating widespread potential for exploitation across different software ecosystems.
Security practitioners should immediately update their GNU Binutils installations to versions that contain patches addressing this heap-based buffer over-read issue. The mitigation strategy involves verifying that all applications utilizing BFD functionality have been updated with patched versions of libbfd and the associated ELF processing components. Additionally, implementing proper input validation measures within applications that process user-supplied binary files can help reduce the attack surface. This vulnerability aligns with CWE-125, which describes "Out-of-bounds Read" conditions, and could potentially map to ATT&CK techniques involving privilege escalation through software exploitation or defense evasion via denial of service attacks. Organizations should also consider implementing runtime monitoring and anomaly detection systems to identify potential exploitation attempts targeting this specific memory corruption vulnerability in their binary processing pipelines.
The flaw demonstrates a critical weakness in input validation practices within cryptographic and system-level libraries where assumptions about data integrity are made without proper verification mechanisms. This type of vulnerability often arises when developers assume that input data from external sources will conform to expected formats, failing to implement comprehensive boundary checking for fields that directly influence memory allocation decisions. The consequences extend beyond immediate exploitation as the presence of such vulnerabilities in widely-used system libraries can undermine the security posture of entire software ecosystems that depend on these foundational components for their operations and integrity.