Bug 2234003 (CVE-2021-46174) - CVE-2021-46174 binutils: heap-based buffer overflow in bfd_getl32() in libbfd.c via objdump
Summary: CVE-2021-46174 binutils: heap-based buffer overflow in bfd_getl32() in libbfd...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-46174
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2234006 2234007 2234008 2234240 2234241 2234242 2234243 2234244 2234245 2234246 2234247 2234248 2234249 2234250 2234251 2234252 2234253 2234254
Blocks: 2233947
TreeView+ depends on / blocked
 
Reported: 2023-08-23 21:09 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-11-14 11:27 UTC (History)
29 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-11-09 09:18:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-08-23 21:09:38 UTC 
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=28753
Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 21:13:51 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2234006]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2234007]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2234008]
Comment 4 Nick Clifton 2023-08-24 12:44:31 UTC 
(In reply to Guilherme de Almeida Suckevicz from comment #0)
> Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
 
The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bug in inspection tools like objdump are not considered to be security issues, and hence do not qualify for CVE treatment.
Note You need to log in before you can comment on or make changes to this bug.