FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

Affected packages
binutils < 2.33.1_5

Details

VuXML ID f4c54b81-bcc8-11eb-a7a6-080027f515ea
Discovery 2020-11-25
Entry 2021-08-13

Hao Wang reports:

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

[source]

References

CVE Name CVE-2021-3487
URL https://sourceware.org/bugzilla/show_bug.cgi?id=26946

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.