Severity.io | CVE-2021-3487

Description

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Related CPE's

a gnu binutils ********

o redhat enterprise_linux 6.0 *******

o redhat enterprise_linux 7.0 *******

o redhat enterprise_linux 8.0 *******

o fedoraproject fedora 32 *******

o fedoraproject fedora 33 *******

o fedoraproject fedora 34 *******

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947111

Issue TrackingPatchThird Party Advisory

FEDORA-2021-d23d016509

Third Party Advisory

FEDORA-2021-9bd201dd4d

Third Party Advisory

FEDORA-2021-7ca24ddc86

Third Party Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	6.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version	3.1
UserInteraction	REQUIRED

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	NONE
AvailabilityImpact	COMPLETE
IntegrityImpact	NONE
BaseScore	7.1
VectorString	AV:N/AC:M/Au:N/C:N/I:N/A:C
Version	2.0
AccessVector	NETWORK
Authentication	NONE