Bug 1943533 (CVE-2021-20294) - CVE-2021-20294 binutils: stack buffer overflow WRITE may lead to a DoS via a crafted ELF
Summary: CVE-2021-20294 binutils: stack buffer overflow WRITE may lead to a DoS via a ...
Keywords:
Status: NEW
Alias: CVE-2021-20294
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1947304 1943534 1943535 1945432 1945433 1945434 1945435 1945436 1945437 1945438 1945439 1947298 1947299 1947300 1947301 1947302 1947303
Blocks: 1938941 1943536
Reported: 2021-03-26 11:24 UTC by Marian Rehak
Modified: 2023-10-19 10:52 UTC (History)

Fixed In Version: binutils 2.35.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in binutils' readelf program. An attacker who is able to convince a victim using readelf to read a crafted file, could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Marian Rehak 2021-03-26 11:24:06 UTC
allows remote attackers to cause a denial of service (stack buffer overflow) or possibly have unspecified other impacts via a crafted ELF

External Reference:

https://sourceware.org/bugzilla/show_bug.cgi?id=26929

Comment 1 Marian Rehak 2021-03-26 11:25:16 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1943534]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1943535]

Comment 2 Siddhesh Poyarekar 2021-03-26 12:40:55 UTC
This bug is in the readelf binary (which is not a service) and not bfd (which a service could link to and hence be susceptible to a DoS) so this is just a crash, not a DoS.  This should not be considered a security bug.

Comment 8 Marian Rehak 2021-03-31 09:24:32 UTC
Acknowledgments:

Name: Hao Wang

Comment 9 Todd Cullum 2021-03-31 15:13:56 UTC
Mitigation:

Stack canaries, non-executable stack (NX), and address space layout randomization (ASLR) are binary hardening protections enabled in Red Hat Enterprise Linux 7 and 8 that should greatly limit the impact of this flaw. An additional mitigation is to not use readelf to read files from untrusted sources.

To learn more about binary hardening protections in Red Hat Enterprise Linux, please see https://access.redhat.com/articles/65299
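The mitigation above depends on the installed readelf binary actually carrying those protections. The following is an added example (not from this bug or from binutils) that inspects an ELF64 little-endian image for the three properties named: PIE (so ASLR applies), a non-executable GNU_STACK, and a stack-protector reference; it bounds-checks the program header table before reading it, and the sample ELF it builds for self-test is constructed, not a real binary.

```python
"""Check an ELF64 (little-endian) binary for PIE, NX stack and stack-protector use."""
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that declares stack permissions
PF_X = 0x1                 # execute bit in p_flags
ET_DYN = 3                 # e_type of a PIE (or shared object)


def check_hardening(data: bytes) -> dict:
    """Return which of the three protections the image carries; ValueError on a malformed header."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # Validate the program header table against the file size before touching it.
    if e_phentsize < 56 or e_phoff + e_phentsize * e_phnum > len(data):
        raise ValueError("program header table out of bounds")
    nx = False  # no PT_GNU_STACK at all is treated as not hardened
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = (p_flags & PF_X) == 0
    return {
        "pie": e_type == ET_DYN,
        "nx_stack": nx,
        # Heuristic: a stack-protected binary references __stack_chk_fail in its dynamic symbols.
        "stack_protector": b"__stack_chk_fail" in data,
    }


def build_sample_elf(pie=True, nx=True, canary=True) -> bytes:
    """Constructed minimal ELF64 image with one PT_GNU_STACK header (test input only)."""
    ehdr = struct.pack("<4sBBBBB7xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                       ET_DYN if pie else 2, 0x3E, 1, 0x1000, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    flags = 0x6 if nx else 0x7  # PF_R|PF_W, plus PF_X for an executable stack
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    tail = b"__stack_chk_fail\0" if canary else b"__no_canary\0"
    return ehdr + phdr + tail


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    image = open(path, "rb").read() if path else build_sample_elf()
    for name, present in check_hardening(image).items():
        print(f"{name}: {'yes' if present else 'NO'}")
```

Run it as `python3 check_hardening.py "$(command -v readelf)"` to inspect the installed binary; with no argument it checks the constructed sample.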

Comment 12 Todd Cullum 2021-03-31 23:19:31 UTC
In reply to comment #2:
> This bug is in the readelf binary (which is not a service) and not bfd
> (which a service could link to and hence be susceptible to a DoS) so this is
> just a crash, not a DoS.  This should not be considered a security bug.

It's not a DoS for the reason you mentioned and it requires a potential victim to run readelf on an untrusted file (thus not "remote"), but it does have a stack buffer overflow out-of-bounds write of attacker-supplied data. Therefore, Red Hat Product Security has kept it as a security vulnerability and assigned a CVE.

