stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033716]

Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2033717]
This is not security-relevant as per the binutils security policy:

https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Could the CVE be disputed/rejected please?
Redirecting needinfo to @saroy. He handled this CVE.
In reply to comment #7:
> This is not security-relevant as per the binutils security policy:
>
> https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt
>
> Could the CVE be disputed/rejected please?

We are not the owning or assigning CNA for this CVE.

CVE-2021-45078
├─ State: PUBLISHED
└─ Owning CNA: mitre
Can we please file a dispute and mark products as not-affected?
In reply to comment #10:
> Can we please file a dispute and mark products as not-affected?

Pedro can help on this.
In reply to comment #11:
> In reply to comment #10:
> > Can we please file a dispute and mark products as not-affected?
>
> Pedro can help on this.

Sure, I'll bring this to the CNA group as we have a batch of binutils CVEs to ask for rejection.