Bug 2033715 (CVE-2021-45078)

Summary: CVE-2021-45078 binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: adudiak, ailan, aoliva, aprice, bdettelb, caswilli, crizzo, dfreiber, doconnor, drow, dvlasenk, erik-fedora, fjansen, fweimer, hkataria, jakub, jburrell, jforrest, jkoehler, jmitchel, jsamir, jtanner, jvasik, jwong, kaycoth, kholdawa, kshier, ktietz, lcouzens, lphiri, manisandro, marcandre.lureau, mcermak, micjohns, mpierce, mpolacek, mprchlik, mskarbek, nickc, oezr, ohudlick, psampaio, rblanco, rjones, saroy, sipoyare, sthirugn, teagle, virt-maint, vkrizan, vkumar, vmugicag
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: binutils 2.38
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.
Bug Depends On: 2033716, 2033717, 2034103, 2034104, 2034105, 2034106, 2034107, 2034108, 2034109, 2034110, 2034111, 2034112    
Bug Blocks: 2033719    

Description Guilherme de Almeida Suckevicz 2021-12-17 17:02:19 UTC
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=28694

Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02

Comment 1 Guilherme de Almeida Suckevicz 2021-12-17 17:02:48 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033716]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033717]

Comment 7 Siddhesh Poyarekar 2023-10-13 15:01:13 UTC
This is not security-relevant as per the binutils security policy:

https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Could the CVE be disputed/rejected please?

Comment 8 Guilherme de Almeida Suckevicz 2023-10-13 15:16:44 UTC
Redirecting needinfo to @saroy. He handled this CVE.

Comment 9 Sandipan Roy 2023-10-13 17:22:55 UTC
In reply to comment #7:
> This is not security-relevant as per the binutils security policy:
> 
> https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt
> 
> Could the CVE be disputed/rejected please?


We are not the owning or assigning CNA for this CVE.

CVE-2021-45078
├─ State:	PUBLISHED
└─ Owning CNA:	mitre

Comment 10 Siddhesh Poyarekar 2023-10-13 17:42:34 UTC
Can we please file a dispute and mark products as not-affected?

Comment 11 Sandipan Roy 2023-10-16 13:30:28 UTC
In reply to comment #10:
> Can we please file a dispute and mark products as not-affected?

Pedro can help on this.

Comment 12 Pedro Sampaio 2023-10-19 17:34:26 UTC
In reply to comment #11:
> In reply to comment #10:
> > Can we please file a dispute and mark products as not-affected?
> 
> Pedro can help on this.

Sure, I'll bring this to the CNA group as we have a batch of binutils CVEs to ask for rejection.