Vulnerability CVE-2021-20294

Vulnerability Name:

CVE-2021-20294 (CCN-201042)

Assigned:

2020-12-17

Published:

2021-04-08

Updated:

2022-11-16

Summary:

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-20294

Source: CCN
Type: Red Hat Bugzilla - Bug 1943533
(CVE-2021-20294) - CVE-2021-20294 binutils: stack buffer overflow WRITE may lead to a DoS via a crafted ELF

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1943533

Source: XF
Type: UNKNOWN
binutils-cve202120294-bo(201042)

Source: MLIST
Type: Mailing List, Third Party Advisory
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Source: MLIST
Type: Mailing List, Third Party Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-30

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26929

Source: MISC
Type: Patch, Third Party Advisory
https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926

Source: CCN
Type: binutils-gdb GIT Repository
asan: readelf: stack buffer overflow

Source: CCN
Type: IBM Security Bulletin 6454439 (Netezza Analytics)
Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6479365 (Netezza Platform Software)
Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-20294

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:binutils:*:*:*:*:*:*:*:* (Version >= 2.35 and < 2.35.2)

Configuration CCN 1:

cpe:/a:gnu:binutils:2.35:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7991	P	binutils-devel-32bit-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7447	P	bcel-5.2-150200.11.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7491	P	enscript-1.6.6-1.17 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7451	P	binutils-2.39-150100.7.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51979	P	Security update for conmon (Moderate)	2022-12-29
oval:org.opensuse.security:def:806	P	Security update for LibVNCServer (Moderate)	2022-10-06
oval:org.opensuse.security:def:3707	P	Security update for webkit2gtk3 (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:3523	P	hplip-3.16.11-1.33 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3366	P	socat-1.7.2.4-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94508	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2878	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94996	P	binutils-devel-32bit-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94635	P	libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94927	P	libXp6-32bit-1.0.3-1.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:4586	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:99759	P	(Moderate)	2022-03-09
oval:org.opensuse.security:def:101640	P	Security update for polkit (Moderate)	2022-02-18
oval:org.opensuse.security:def:102146	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:100070	P	(Important)	2022-01-26
oval:org.opensuse.security:def:112007	P	binutils-2.37-3.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99166	P	(Important)	2021-12-06
oval:org.opensuse.security:def:4518	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:111132	P	Security update for binutils (Moderate)	2021-11-15
oval:org.opensuse.security:def:32213	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:58862	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:87503	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:93770	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:23991	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:83351	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:1490	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:106449	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:73734	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:92610	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:100348	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:68580	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:101348	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:126791	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:34586	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:64612	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:89473	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:30264	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:57120	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:85761	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:93271	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:108812	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:76042	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:95433	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:102070	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:105856	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:9611	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:92021	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:99158	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:66974	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:99560	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:117820	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:33039	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:59560	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:88214	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:93984	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:26160	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:55265	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:83471	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:106736	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:73918	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:92809	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:100677	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:111780	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:69751	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:127188	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:64796	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:98971	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:31297	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:57523	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:86164	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:93429	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:109251	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:76380	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:95872	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:106051	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:9810	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:92216	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:99693	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:5885	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:67312	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:118336	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:33737	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:59818	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:88531	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:94196	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:29442	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:55967	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:84231	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:108014	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:74675	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:101537	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:8860	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:69950	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:65607	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:5147	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:31700	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:58036	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:86677	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:93585	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:23699	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:51687	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:82649	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:1135	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:106250	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:10361	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:92411	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:100012	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:6223	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:68536	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:125624	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:33995	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:60409	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:89215	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:94407	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:30144	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:56087	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:84689	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:93111	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:108306	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:74743	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:101813	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:105661	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:9055	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:70501	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:102585	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:65675	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:99361	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:117528	P	Security update for binutils (Moderate)	2021-11-09

BACK