ALAS2-2021-1702 --- gcc10-binutils
ID: oval:org.secpod.oval:def:1700717 | Date: (C)2021-09-16 (M)2023-11-13 |
Class: PATCH | Family: unix |
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

A flaw was found in binutils' readelf program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, an out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD and using the DWARF functionality could cause an impact to system availability by way of excessive memory consumption.