Your submission was sent successfully! Close

CVE-2021-3487

Published: 15 April 2021

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(2.36.1-6ubuntu1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.36.1-6ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (2.34-6ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.30-21ubuntu1~18.04.7)
Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24