CVE-2021-3487 - log

CVE-2021-3487 edited at 09 Apr 2021 10:22:08
Description
- A security issue was found in the BFD library of binutils. read_section() in dwarf2.c of BFD could cause excessive memory consumption when handling corrupt DWARF debug sections. This could lead to an impact to system availability, denial of service, and/or a crash in applications linked with the BFD library's DWARF functionality if they parse files from untrusted sources.
+ A security issue was found in the BFD library of binutils before version 2.36. read_section() in dwarf2.c of BFD could cause excessive memory consumption when handling corrupt DWARF debug sections. This could lead to an impact to system availability, denial of service, and/or a crash in applications linked with the BFD library's DWARF functionality if they parse files from untrusted sources.
CVE-2021-3487 edited at 09 Apr 2021 10:21:43
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in the BFD library of binutils. read_section() in dwarf2.c of BFD could cause excessive memory consumption when handling corrupt DWARF debug sections. This could lead to an impact to system availability, denial of service, and/or a crash in applications linked with the BFD library's DWARF functionality if they parse files from untrusted sources.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1947111
+ https://sourceware.org/bugzilla/show_bug.cgi?id=26946
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=647cebce12a6b0a26960220caff96ff38978cf24
Notes
CVE-2021-3487 created at 09 Apr 2021 10:18:47