Loading...

XML

Word

Printable

Type: Security Vulnerability
Resolution: Fixed
Priority: Severe (Users)
Fix Version/s: None
Component/s: None
Labels:
- cve
- glsa
- security

Impact:
Multiple vulnerabilities in binutils make it a good idea to update to latest version if possible.

https://security.gentoo.org/glsa/202208-30

{
  "id": "CVE-2021-45078",
  "is_known_exploited_vuln": false,
  "description": "stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2021-45078",
    "https://sourceware.org/bugzilla/show_bug.cgi?id=28694",
    "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/",
    "https://security.netapp.com/advisory/ntap-20220107-0002/",
    "https://security.gentoo.org/glsa/202208-30"
  ]
}

proposed solution

either update to >=2.38 ...
... or apply this patch https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=binutils/stabs.c;h=83ee3ea5fa4a3ab60fa13a465022efdaaf014973;hp=274bfb0e7fa23319859c7e5a795cd3d5b8aed49f;hb=161e87d12167b1e36193385485c1f6ce92f74f02;hpb=d5c94731766bf4f276146fd29c1df8eebc2aaf69

Assignee:: omasanori

Reporter:: mrl5

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 21/Aug/22 11:59 AM

Updated:: 11/Oct/22 12:07 PM

Resolved:: 09/Sep/22 4:35 PM

Details

Description

Attachments

Activity

People

Dates