Detections
Analytics

FreeBSD : binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (f4c54b81-bcc8-11eb-a7a6-080027f515ea)

medium Nessus Plugin ID 152668

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Hao Wang reports :

There's a flaw in the BFD library of binutils in versions before 2.36.
An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Solution

Update the affected package.

See Also

https://sourceware.org/bugzilla/show_bug.cgi?id=26946

http://www.nessus.org/u?63bca191

Plugin Details

Severity: Medium

ID: 152668

File Name: freebsd_pkg_f4c54b81bcc811eba7a6080027f515ea.nasl

Version: 1.2

Type: local

Published: 8/19/2021

Updated: 8/23/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:binutils, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2021

Vulnerability Publication Date: 11/25/2020

Reference Information

CVE: CVE-2021-3487