2033715 – (CVE-2021-45078) CVE-2021-45078 binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

Bug 2033715 (CVE-2021-45078) - CVE-2021-45078 binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c

Summary: CVE-2021-45078 binutils: out-of-bounds write in stab_xcoff_builtin_type() in ...

Keywords:
Status:	NEW
Alias:	CVE-2021-45078
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2033716 2033717 2034103 2034104 2034105 2034106 2034107 2034108 2034109 2034110 2034111 2034112
Blocks:	2033719
TreeView+	depends on / blocked

Reported:	2021-12-17 17:02 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-07-09 12:57 UTC (History)
CC List:	30 users (show)
Fixed In Version:	binutils 2.38
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-12-17 17:02:19 UTC

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=28694

Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02

Comment 1 Guilherme de Almeida Suckevicz 2021-12-17 17:02:48 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033716]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033717]

Note You need to log in before you can comment on or make changes to this bug.

ailan
aoliva
bdettelb
caswilli
dhalasz
dvlasenk
elima
erik-fedora
fjansen
fweimer
jakub
jburrell
jwong
kaycoth
klember
ktietz
manisandro
marcandre.lureau
mcermak
micjohns
mpolacek
mprchlik
nickc
ohudlick
rjones
sipoyare
sthirugn
virt-maint
vkrizan
vmugicag