FreeBSD Bugzilla – Attachment 225744 Details for Bug 256133
security/vuxml: Document excessive memory consumption vulnerability in binutils
[patch] Updated patch file
security_vuxml.binutils.patch (text/plain), 1.93 KB, created by Yasuhiro Kimura on 2021-06-11 18:33:23 UTC
>From 4462aa8704f3a83d78bc8c2ab38037176ce21547 Mon Sep 17 00:00:00 2001 >From: Yasuhiro Kimura <yasu@utahime.org> >Date: Tue, 25 May 2021 04:59:27 +0900 >Subject: [PATCH] security/vuxml: Document excessive memory consumption > vulnerability in binutils > >Document excessive memory consumption vulnerability in binutils. >--- > security/vuxml/vuln.xml | 31 +++++++++++++++++++++++++++++++ > 1 file changed, 31 insertions(+) > >diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml >index 0322e2435fbf..deee6772e408 100644 >--- a/security/vuxml/vuln.xml >+++ b/security/vuxml/vuln.xml >@@ -76,6 +76,37 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="f4c54b81-bcc8-11eb-a7a6-080027f515ea"> >+ <topic>binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()</topic> >+ <affects> >+ <package> >+ <name>binutils</name> >+ <range><lt>2.33.1_5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Hao Wang reports:</p> >+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487"> >+ <p> >+ There's a flaw in the BFD library of binutils in versions before 2.36. >+ An attacker who supplies a crafted file to an application linked with BFD, >+ and using the DWARF functionality, could cause an impact to system >+ availability by way of excessive memory consumption. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-3487</cvename> >+ <url>https://sourceware.org/bugzilla/show_bug.cgi?id=26946</url> >+ </references> >+ <dates> >+ <discovery>2020-11-25</discovery> >+ <entry>2021-05-24</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2"> > <topic>dragonfly -- argument injection</topic> > <affects> >-- >2.32.0 >
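Review bot: In the `<affects>` block, the bound `<lt>2.33.1_5</lt>` does not line up with the quoted advisory text, which says versions before 2.36 are affected, and neither the commit message nor the entry says that port revision 2.33.1_5 carries the fix. Suggest naming in the commit message the port revision that fixed it, so the bound can be checked against the port history. The context comment just above the hunk reminds authors not to forget port variants, while `<affects>` lists only `binutils`; please confirm that no other package shipping the same BFD code needs its own `<package>` entry. Separately, `<entry>2021-05-24</entry>` is earlier than this attachment's upload date (2021-06-11), so it should be set to the date of the actual commit.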