https://security.gentoo.org/glsa/202208-30
{
  "id": "CVE-2021-45078",
  "is_known_exploited_vuln": false,
  "description": "stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2021-45078",
    "https://sourceware.org/bugzilla/show_bug.cgi?id=28694",
    "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/",
    "https://security.netapp.com/advisory/ntap-20220107-0002/",
    "https://security.gentoo.org/glsa/202208-30"
  ]
}
Proposed solution
- either update Binutils to >=2.38,
- or apply this patch: https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=binutils/stabs.c;h=83ee3ea5fa4a3ab60fa13a465022efdaaf014973;hp=274bfb0e7fa23319859c7e5a795cd3d5b8aed49f;hb=161e87d12167b1e36193385485c1f6ce92f74f02;hpb=d5c94731766bf4f276146fd29c1df8eebc2aaf69