Your submission was sent successfully! Close

CVE-2021-3487

Published: 15 April 2021

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
bionic
Released (2.30-21ubuntu1~18.04.7)
focal
Released (2.34-6ubuntu1.3)
groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(2.36.1-6ubuntu1)
impish Not vulnerable
(2.37-7ubuntu1)
jammy Not vulnerable
(2.38-2ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needed

upstream
Released (2.36)
xenial
Released (2.26.1-1ubuntu1~16.04.8+esm3)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24