FreeBSD Bugzilla – Attachment 227099 Details for
Bug 256133
security/vuxml: Document excessive memory consumption vulnerability in binutils
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Updated patch file
security_vuxml.binutils.patch (text/plain), 1.76 KB, created by
Yasuhiro Kimura
on 2021-08-11 00:32:39 UTC
(
hide
)
Description:
Updated patch file
Filename:
MIME Type:
Creator:
Yasuhiro Kimura
Created:
2021-08-11 00:32:39 UTC
Size:
1.76 KB
patch
obsolete
>From 959675a8aca13e887c631d950858051c4bd44e04 Mon Sep 17 00:00:00 2001 >From: Yasuhiro Kimura <yasu@utahime.org> >Date: Tue, 25 May 2021 04:59:27 +0900 >Subject: [PATCH] security/vuxml: Document excessive memory consumption > vulnerability in binutils > >Document excessive memory consumption vulnerability in binutils. >--- > security/vuxml/vuln-2021.xml | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > >diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml >index 3af335748564..22aa2054cea0 100644 >--- a/security/vuxml/vuln-2021.xml >+++ b/security/vuxml/vuln-2021.xml >@@ -1,3 +1,30 @@ >+ <vuln vid="f4c54b81-bcc8-11eb-a7a6-080027f515ea"> >+ <topic>binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()</topic> >+ <affects> >+ <package> >+ <name>binutils</name> >+ <range><lt>2.36</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Hao Wang reports:</p> >+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487"> >+ <p> >+ There's a flaw in the BFD library of binutils in versions before 2.36. >+ An attacker who supplies a crafted file to an application linked with BFD, >+ and using the DWARF functionality, could cause an impact to system >+ availability by way of excessive memory consumption. >+ </p> >+ <cvename>CVE-2021-3487</cvename> >+ <url>https://sourceware.org/bugzilla/show_bug.cgi?id=26946</url> >+ </references> >+ <dates> >+ <discovery>2020-11-25</discovery> >+ <entry>2021-05-24</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="e80073d7-f8ba-11eb-b141-589cfc007716"> > <topic>xtrlock -- xtrlock does not block multitouch events</topic> > <affects> >-- >2.32.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 256133
:
225232
|
225257
|
225267
|
225297
|
225303
|
225440
|
225460
|
225462
|
225485
|
225507
|
225521
|
225561
|
225715
|
225744
|
225855
|
225953
|
227099
|
227158
|
227255