PT-2020-6735 · Gnu+9 · Binutils+9

Published

2020-11-25

Updated

2026-01-30

CVE-2021-3487

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions binutils versions prior to 2.36

Description The issue is related to insufficient input validation in the read section() function of the dwarf2.c component in the GNU Binutils development tool. This allows a remote attacker to cause a denial of service by consuming excessive memory with a specially crafted file.

Recommendations For versions prior to 2.36, update to version 2.36 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DWARF functionality in applications linked with the BFD library to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4364

ALT-PU-2021-2851

ALT-PU-2023-1178

BDU:2022-05843

CESA-2021_4364

CLEANSTART-2026-HF39630

CVE-2021-3487

MGASA-2021-0341

OESA-2021-1186

OPENSUSE-SU-2021:1475-1

OPENSUSE-SU-2021:3616-1

OPENSUSE-SU-2021_1475-1

OPENSUSE-SU-2021_3616-1

OPENSUSE-SU-2024:10651-1

RHSA-2021:4364

RHSA-2021_4364

RLSA-2021:4364

SUSE-SU-2021:3593-1

SUSE-SU-2021:3616-1

SUSE-SU-2022:0934-1

USN-5124-1

USN-5341-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Binutils

PT-2020-6735 · Gnu+9 · Binutils+9

CVE-2021-3487

Weakness Enumeration

Related Identifiers

Affected Products

References · 217