Vulnerability Details CVE-2021-20294
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.157
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1943533
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/202208-30
- https://sourceware.org/bugzilla/show_bug.cgi?id=26929
- https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926
- https://bugzilla.redhat.com/show_bug.cgi?id=1943533
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/202208-30
- https://sourceware.org/bugzilla/show_bug.cgi?id=26929
- https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926