CVE-2021-46174

Published: 22 August 2023

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Notes

| Author | Note |
| --- | --- |
| seth-arnold | binutils isn't safe for untrusted inputs. |

Priority

Medium

Cvss 3 Severity Score

7.5

Status

| Package | Release | Status |
| --- | --- | --- |
| binutils (Launchpad, Ubuntu, Debian) | focal | Needed |
| | jammy | Not vulnerable (2.38-3ubuntu1) |
| | lunar | Not vulnerable (2.40-2ubuntu4) |
| | upstream | Released (2.38) |
| | bionic | Released (2.30-21ubuntu1~18.04.9+esm1). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| | trusty | Released (2.24-5ubuntu14.2+esm3). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| | xenial | Released (2.26.1-1ubuntu1~16.04.8+esm7). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| | mantic | Not vulnerable (2.41-4ubuntu1) |

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97b6962807d33c04ed7e7797788438

Severity score breakdown

| Parameter | Value |
| --- | --- |
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |