CVE-2021-20294Out-of-bounds Write in Binutils

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
7.8HIGHNVD
EPSS
22.7%
top 4.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedApr 29
Latest updateMay 24

Description

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgnu/binutils2.352.35.2
Debiangnu/binutils< 2.35.2-1+3
CVEListV5gnu/binutilsbinutils 2.35.2

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-rrj7-qm3x-w26v: A flaw was found in binutils readelf 22022-05-24
CVEList
CVE-2021-20294: A flaw was found in binutils readelf 22021-04-29
OSV
CVE-2021-20294: A flaw was found in binutils readelf 22021-04-29

📋Vendor Advisories

3
Microsoft
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow out-of-bounds write of arbitr2021-04-13
Debian
CVE-2021-20294: binutils - A flaw was found in binutils readelf 2.35 program. An attacker who is able to co...2021
Red Hat
binutils: stack buffer overflow WRITE may lead to a DoS via a crafted ELF2020-11-21
CVE-2021-20294 — Out-of-bounds Write in GNU Binutils | cvebase