CVE-2021-20197Link Following in Binutils

CWE-59Link FollowingCWE-362Race Condition7 documents7 sources
Severity
6.3MEDIUMNVD
EPSS
0.1%
top 69.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU BinutilsRedhat Enterprise Linux
Timeline
PublishedMar 26
Latest updateMay 24

Description

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.0 | Impact: 5.2

Affected Packages3 packages

Debiangnu/binutils< 2.37-3+2
NVDgnu/binutils2.35
CVEListV5gnu/binutilsbinutils 2.35

Also affects: Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: sourceware.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-rq67-5wpf-96wv: There is an open race window when writing output in the following utilities in GNU binutils version 22022-05-24
CVEList
CVE-2021-20197: There is an open race window when writing output in the following utilities in GNU binutils version 22021-03-26
OSV
CVE-2021-20197: There is an open race window when writing output in the following utilities in GNU binutils version 22021-03-26

📋Vendor Advisories

3
Microsoft
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar objcopy strip ranlib. When these utilities are run as a privileged user (presuma2021-03-09
Red Hat
binutils: Race window allows users to own arbitrary files2021-01-07
Debian
CVE-2021-20197: binutils - There is an open race window when writing output in the following utilities in G...2021
CVE-2021-20197 — Link Following in GNU Binutils | cvebase