Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-3487

Published: 15 April 2021

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
impish Not vulnerable
(2.37-7ubuntu1)
jammy Not vulnerable
(2.38-2ubuntu1)
lunar Not vulnerable
(2.38-2ubuntu1)
hirsute Not vulnerable
(2.36.1-6ubuntu1)
groovy Ignored
(end of life)
bionic
Released (2.30-21ubuntu1~18.04.7)
focal
Released (2.34-6ubuntu1.3)
trusty Needed

upstream
Released (2.36)
xenial
Released (2.26.1-1ubuntu1~16.04.8+esm3)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
kinetic Not vulnerable
(2.38-2ubuntu1)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H