read_section() in dwarf2.c of BFD could cause excessive memory consumption when handling corrupt DWARF debug sections. This could lead to an impact to system availability, denial of service, and/or a crash in applications linked with the BFD library's DWARF functionality if they parse files from untrusted sources.

Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=26946

Upstream patch commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1947969]

Created mingw-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1947970]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4364 https://access.redhat.com/errata/RHSA-2021:4364
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3487
$ rhcve show CVE-2021-3487
CVE-2021-3487
├─ State: REJECTED