2.35.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnu

CWE-787

NVD

Published: 2021-04-29

Updated: 2023-11-07

Summary

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Binutils 2.35 GNU Binutils 2.35.1	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://bugzilla.redhat.com/show_bug.cgi?id=1943533
https://sourceware.org/bugzilla/show_bug.cgi?id=26929
https://security.gentoo.org/glsa/202208-30
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926