From 959675a8aca13e887c631d950858051c4bd44e04 Mon Sep 17 00:00:00 2001 From: Yasuhiro Kimura Date: Tue, 25 May 2021 04:59:27 +0900 Subject: [PATCH] security/vuxml: Document excessive memory consumption vulnerability in binutils Document excessive memory consumption vulnerability in binutils. --- security/vuxml/vuln-2021.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 3af335748564..22aa2054cea0 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,30 @@ + + binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() + + + binutils + 2.36 + + + + +

Hao Wang reports:

+
+

+ There's a flaw in the BFD library of binutils in versions before 2.36. + An attacker who supplies a crafted file to an application linked with BFD, + and using the DWARF functionality, could cause an impact to system + availability by way of excessive memory consumption. +

+ CVE-2021-3487 + https://sourceware.org/bugzilla/show_bug.cgi?id=26946 + + + 2020-11-25 + 2021-05-24 + + + xtrlock -- xtrlock does not block multitouch events -- 2.32.0