CVE-2021-3487

medium

Description

There is a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application that is linked against BFD and uses its DWARF functionality could cause a denial of service (impact to system availability) through excessive memory consumption.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947111

https://lists.fedoraproject.org/archives/list/[email protected]/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/

https://lists.fedoraproject.org/archives/list/[email protected]/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/

https://security.gentoo.org/glsa/202208-30

Details

Source: MITRE

Published: 2021-04-15

Updated: 2022-10-27

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM