Your submission was sent successfully! Close

CVE-2021-45078

Published: 15 December 2021

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Priority

Negligible

CVSS 3 base score: 7.8

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian 		bionic Needed

focal Needed

hirsute Ignored
(reached end-of-life)
impish Needed

jammy Not vulnerable
(2.38-2ubuntu1)
trusty Needed

upstream
Released (2.38)
xenial
Released (2.26.1-1ubuntu1~16.04.8+esm3)

Notes

AuthorNote
seth-arnold 
binutils isn't safe for untrusted inputs.

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading