CVE-2021-45078: Out-of-bounds Write in Binutils

CWE-787: Out-of-bounds Write | 10 documents | 8 sources

Severity: 7.8 HIGH (NVD) | CNA 9.8 | OSV 9.8
EPSS: 0.2% (top 63.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 15 | Latest update Jun 13

Description

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian | gnu/binutils | < 2.37.50.20220106-1+2
NVD | gnu/binutils | 2.37

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35, Enterprise Linux 8.0

Patches

🔴 Vulnerability Details (4)

OSV | binutils vulnerabilities | 2022-03-22
GHSA | GHSA-wg2c-jc4j-gg9c: stab_xcoff_builtin_type in stabs | 2021-12-16
OSV | CVE-2021-45078: stab_xcoff_builtin_type in stabs | 2021-12-15
CVEList | CVE-2021-45078: stab_xcoff_builtin_type in stabs | 2021-12-15

📋 Vendor Advisories (5)

Ubuntu | GNU binutils vulnerability | 2023-06-13
Ubuntu | GNU binutils vulnerabilities | 2022-03-22
Red Hat | binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c | 2021-12-14
Microsoft | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact as demonstrated by | 2021-12-14
Debian | CVE-2021-45078: binutils - stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers... | 2021
CVE-2021-45078 — Out-of-bounds Write in GNU Binutils | cvebase