CVE-2021-45078

Name
CVE-2021-45078
Description
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://sourceware.org/bugzilla/show_bug.cgi?id=28694
MISC https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* binutils >= None <= 2.37

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
binutils edge-main 2.37-r4 Ariadne Conill <ariadne@dereferenced.org> possibly vulnerable
binutils 3.15-main 2.37-r3 Ariadne Conill <ariadne@dereferenced.org> possibly vulnerable
binutils 3.14-main 2.35.2-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.13-main 2.35.2-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.12-main 2.34-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable