Vulnerabilities > CVE-2021-3549 - Out-of-bounds Write vulnerability in GNU Binutils 2.36

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnu

CWE-787

NVD

Published: 2021-05-26

Updated: 2022-10-07

Summary

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Binutils 2.36	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://bugzilla.redhat.com/show_bug.cgi?id=1960717
https://security.gentoo.org/glsa/202208-30