PT-2021-7943 · Binutils+2 · Binutils+2

Hao Wang

Published

2021-04-29

Updated

2024-06-15

CVE-2021-20294

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions binutils version 2.35

Description A flaw was found in the binutils readelf program, which is related to a stack buffer overflow and out-of-bounds write of arbitrary data supplied by an attacker. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. An attacker could trigger this issue by convincing a victim to read a crafted file using readelf.

Recommendations For binutils version 2.35, consider updating to a newer version that contains a fix for this issue, as no specific workaround is provided for this version. As a temporary workaround, consider restricting the use of the readelf program until a patch is available. Avoid using readelf to read files from untrusted sources until the issue is resolved.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2021_4364

ALT-PU-2021-2153

ALT-PU-2023-1178

BDU:2023-05797

CVE-2021-20294

OPENSUSE-SU-2021:1475-1

OPENSUSE-SU-2021:3643-1

OPENSUSE-SU-2021_1475-1

OPENSUSE-SU-2021_3643-1

OPENSUSE-SU-2024:11634-1

SUSE-SU-2021:3637-1

SUSE-SU-2021:3643-1

SUSE-SU-2021_3637-1

SUSE-SU-2021_3643-1

SUSE-SU-2022:0934-1

SUSE-SU-2022_0934-1

Affected Products

Alt Linux

Suse

Binutils

PT-2021-7943 · Binutils+2 · Binutils+2

CVE-2021-20294

Weakness Enumeration

Related Identifiers

Affected Products

References · 65