Bug 2033715 (CVE-2021-45078) - CVE-2021-45078 binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c
Summary: CVE-2021-45078 binutils: out-of-bounds write in stab_xcoff_builtin_type() in ...
Keywords:
Status: NEW
Alias: CVE-2021-45078
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2033716 2033717 2034103 2034104 2034105 2034106 2034107 2034108 2034109 2034110 2034111 2034112
Blocks: 2033719
Reported: 2021-12-17 17:02 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-29 03:35 UTC

Fixed In Version: binutils 2.38
Doc Text:
An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Guilherme de Almeida Suckevicz 2021-12-17 17:02:19 UTC
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=28694

Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02

Comment 1 Guilherme de Almeida Suckevicz 2021-12-17 17:02:48 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033716]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033717]

Comment 7 Siddhesh Poyarekar 2023-10-13 15:01:13 UTC
This is not security-relevant as per the binutils security policy:

https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Could the CVE be disputed/rejected please?

Comment 8 Guilherme de Almeida Suckevicz 2023-10-13 15:16:44 UTC
Redirecting needinfo to @saroy. He handled this CVE.

Comment 9 Sandipan Roy 2023-10-13 17:22:55 UTC
In reply to comment #7:
> This is not security-relevant as per the binutils security policy:
> 
> https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt
> 
> Could the CVE be disputed/rejected please?


We are not the owning or assigning CNA for this CVE.

CVE-2021-45078
├─ State:	PUBLISHED
└─ Owning CNA:	mitre

Comment 10 Siddhesh Poyarekar 2023-10-13 17:42:34 UTC
Can we please file a dispute and mark products as not-affected?

Comment 11 Sandipan Roy 2023-10-16 13:30:28 UTC
In reply to comment #10:
> Can we please file a dispute and mark products as not-affected?

Pedro can help on this.

Comment 12 Pedro Sampaio 2023-10-19 17:34:26 UTC
In reply to comment #11:
> In reply to comment #10:
> > Can we please file a dispute and mark products as not-affected?
> 
> Pedro can help on this.

Sure, I'll bring this to the CNA group as we have a batch of binutils CVEs to ask for rejection.
