Out-of-Bounds

Affecting binutils package, versions *


NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

An out-of-bounds flaw was found in the GNU binutils objdump utility, version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section(), probably resulting in a crash or, in some cases, memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Remediation

There is no fixed version for Debian:10 binutils.

CVSS Score

7.1
low severity
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

  • CVE: CVE-2021-3549
  • CWE: CWE-119
  • Snyk ID: SNYK-DEBIAN10-BINUTILS-1296882
  • Disclosed: 26 May, 2021
  • Published: 26 May, 2021