View | Details | Raw Unified | Return to bug 256133 | Differences between
and this patch

Collapse All | Expand All

(-)b/security/vuxml/vuln.xml (-1 / +31 lines)
Lines 76-81 Notes: Link Here
76
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
76
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
77
-->
77
-->
78
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
78
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
79
  <vuln vid="f4c54b81-bcc8-11eb-a7a6-080027f515ea">
80
    <topic>binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()</topic>
81
    <affects>
82
      <package>
83
	<name>binutils</name>
84
	<range><lt>2.33.1_5</lt></range>
85
      </package>
86
    </affects>
87
    <description>
88
      <body xmlns="http://www.w3.org/1999/xhtml">
89
	<p>Hao Wang reports:</p>
90
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487">
91
	  <p>
92
	    There's a flaw in the BFD library of binutils in versions before 2.36.
93
	    An attacker who supplies a crafted file to an application linked with BFD,
94
	    and using the DWARF functionality, could cause an impact to system
95
	    availability by way of excessive memory consumption.
96
	  </p>
97
	</blockquote>
98
      </body>
99
    </description>
100
    <references>
101
      <cvename>CVE-2021-3487</cvename>
102
      <url>https://sourceware.org/bugzilla/show_bug.cgi?id=26946</url>
103
    </references>
104
    <dates>
105
      <discovery>2020-11-25</discovery>
106
      <entry>2021-05-24</entry>
107
    </dates>
108
  </vuln>
109
79
  <vuln vid="8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c">
110
  <vuln vid="8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c">
80
    <topic>redis -- integer overflow</topic>
111
    <topic>redis -- integer overflow</topic>
81
    <affects>
112
    <affects>
82
- 

Return to bug 256133