CVE-2021-3549

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1960717

Details

Source: MITRE

Published: 2021-05-26

Updated: 2021-06-04

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:binutils:2.36:*:*:*:*:*:*:*

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
156515EulerOS Virtualization 3.0.2.6 : binutils (EulerOS-SA-2021-2903)NessusHuawei Local Security Checks
high
156360EulerOS Virtualization 3.0.2.0 : binutils (EulerOS-SA-2021-2837)NessusHuawei Local Security Checks
high
155518EulerOS Virtualization 2.9.1 : binutils (EulerOS-SA-2021-2750)NessusHuawei Local Security Checks
high
155486EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2021-2793)NessusHuawei Local Security Checks
high
153760EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2521)NessusHuawei Local Security Checks
high
153717EulerOS 2.0 SP5 : binutils (EulerOS-SA-2021-2493)NessusHuawei Local Security Checks
high
153712EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2545)NessusHuawei Local Security Checks
high
153628EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-2455)NessusHuawei Local Security Checks
high