Candidate: CVE-2021-3549
PublicDate: 2021-05-26 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549
Description:
 An out of bounds flaw was found in GNU binutils objdump utility version
 2.36. An attacker could use this flaw and pass a large section to
 avr_elf32_load_records_from_section() probably resulting in a crash or in
 some cases memory corruption. The highest threat from this vulnerability is
 to integrity as well as system availability.
Ubuntu-Description:
Notes:
 mdeslaur> od-elf32_avr.c is not built in the Ubuntu package
Mitigation:
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=27294
 https://bugzilla.redhat.com/show_bug.cgi?id=1960717
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H [7.1 HIGH]


Patches_binutils:
 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
upstream_binutils: released (2.37-3)
trusty_binutils: ignored (out of standard support)
trusty/esm_binutils: not-affected (code not compiled)
xenial_binutils: ignored (out of standard support)
esm-infra/xenial_binutils: not-affected (code not compiled)
bionic_binutils: not-affected (code not compiled)
focal_binutils: not-affected (code not compiled)
groovy_binutils: ignored (reached end-of-life)
hirsute_binutils: not-affected (code not compiled)
impish_binutils: released (2.37-7ubuntu1)
jammy_binutils: released (2.37-7ubuntu1)
devel_binutils: released (2.37-7ubuntu1)