CVE-2021-3549Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write6 documents6 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 42.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedMay 26
Latest updateMay 24

Description

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

Debiangnu/binutils< 2.37-3+2
CVEListV5gnu/binutilsGNU binutils version 2.36
NVDgnu/binutils2.36

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-p2w9-g2w7-8fw9: An out of bounds flaw was found in GNU binutils objdump utility version 22022-05-24
CVEList
CVE-2021-3549: An out of bounds flaw was found in GNU binutils objdump utility version 22021-05-26
OSV
CVE-2021-3549: An out of bounds flaw was found in GNU binutils objdump utility version 22021-05-26

📋Vendor Advisories

2
Red Hat
binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter2021-01-31
Debian
CVE-2021-3549: binutils - An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An...2021
CVE-2021-3549 — GNU Binutils vulnerability | cvebase