Bug 1947111 (CVE-2021-3487)

Summary: CVE-2021-3487 binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
Product: [Other] Security Response
Reporter: Todd Cullum <tcullum>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: adscvr, ailan, aoliva, caswilli, dvlasenk, erik-fedora, fidencio, fweimer, jakub, kaycoth, klember, ktietz, manisandro, marcandre.lureau, mcermak, mnewsome, mpolacek, mprchlik, nickc, ohudlick, rjones, sipoyare, virt-maint, vmugicag
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: binutils 2.36
Doc Type: If docs needed, set a value
Doc Text:
There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-11-09 22:24:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1947304, 1947132, 1947133, 1947134, 1947135, 1947136, 1947137, 1947138, 1947298, 1947299, 1947300, 1947301, 1947302, 1947303, 1947966, 1947969, 1947970
Bug Blocks: 1938941, 1947652

Description Todd Cullum 2021-04-07 17:43:20 UTC
read_section() in dwarf2.c of BFD could cause excessive memory consumption when handling corrupt DWARF debug sections. This could lead to an impact to system availability, denial of service, and/or a crash in applications linked with the BFD library's DWARF functionality if they parse files from untrusted sources.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=26946

Upstream patch commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
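The failure mode described above, as an added illustration that is not part of this bug report and is not the upstream patch or any BFD code: a section reader that trusts the size field of a corrupt debug section header allocates whatever that field claims, so a header claiming gigabytes consumes gigabytes before a single byte is parsed. The defensive check shown here (the section must lie entirely inside the bytes of the file actually held) caps memory use at the input's real size. The `section_hdr` struct and the `section_fits`, `naive_alloc_size` and `read_section_bounded` functions are hypothetical names for this example; the 64-byte "object file" is constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a DWARF section header: the section's byte
   offset in the object file and the size it claims to have. */
struct section_hdr {
    uint64_t offset;
    uint64_t size;
};

/* Does a section of `size` bytes at `offset` lie entirely inside a file
   of `file_size` bytes? Written as a subtraction so offset + size
   cannot overflow. Returns 1 if it fits, 0 otherwise. */
int section_fits(uint64_t file_size, uint64_t offset, uint64_t size)
{
    if (offset > file_size)
        return 0;
    return size <= file_size - offset;
}

/* Naive reader: sizes its buffer from the header alone. A corrupt header
   claiming 4 GiB makes this allocate 4 GiB before any data is read, which
   is the availability problem the report describes. Returns the number
   of bytes it would allocate without actually allocating them. */
uint64_t naive_alloc_size(const struct section_hdr *h)
{
    return h->size + 1; /* +1 for a terminating NUL */
}

/* Bounded reader: refuses any section that cannot fit in the file we
   actually hold. Returns 0 on success with *out / *out_len set (caller
   frees), -1 on rejection or allocation failure. */
int read_section_bounded(const uint8_t *file, size_t file_size,
                         const struct section_hdr *h,
                         uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (!section_fits(file_size, h->offset, h->size))
        return -1;
    /* Here size <= file_size <= SIZE_MAX, so size + 1 can only overflow
       when size == SIZE_MAX; reject that corner explicitly. */
    if (h->size == SIZE_MAX)
        return -1;
    uint8_t *buf = malloc((size_t)h->size + 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, file + h->offset, (size_t)h->size);
    buf[h->size] = 0; /* NUL-terminate so string walks cannot run past the end */
    *out = buf;
    *out_len = (size_t)h->size;
    return 0;
}

int main(void)
{
    /* Constructed 64-byte "object file"; its content is irrelevant to the check. */
    uint8_t file[64];
    for (size_t i = 0; i < sizeof file; i++)
        file[i] = (uint8_t)i;

    struct section_hdr good = { .offset = 16, .size = 32 };
    struct section_hdr corrupt = { .offset = 16, .size = 0x100000000ULL }; /* claims 4 GiB */

    printf("naive reader would allocate %llu bytes for the corrupt header\n",
           (unsigned long long)naive_alloc_size(&corrupt));

    uint8_t *buf;
    size_t len;
    int rc = read_section_bounded(file, sizeof file, &good, &buf, &len);
    printf("bounded read, good header: rc=%d len=%zu\n", rc, len);
    free(buf);
    rc = read_section_bounded(file, sizeof file, &corrupt, &buf, &len);
    printf("bounded read, corrupt header: rc=%d (rejected before allocating)\n", rc);
    return 0;
}
```

The check compares the header's claim against the size of the data the reader really has rather than against a fixed limit, so legitimate large debug sections still load while a header that lies about its size is rejected before any allocation happens.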

Comment 8 Todd Cullum 2021-04-09 15:56:17 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 9 Todd Cullum 2021-04-09 15:56:51 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1947969]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1947970]

Comment 15 errata-xmlrpc 2021-11-09 18:28:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4364 https://access.redhat.com/errata/RHSA-2021:4364

Comment 16 Product Security DevOps Team 2021-11-09 22:24:28 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3487

Comment 18 Sandipan Roy 2023-11-20 04:41:38 UTC
$ rhcve show CVE-2021-3487
CVE-2021-3487
├─ State:	REJECTED