CVE-2021-20294

Name
CVE-2021-20294
Description
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1943533
MISC https://sourceware.org/bugzilla/show_bug.cgi?id=26929
Mailing List https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
Patch https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* binutils >= None < 2.35.2
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* binutils >= 2.35 < 2.35.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
binutils 3.12-main 2.34-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.11-main 2.33.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.10-main 2.32-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable