FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

Affected packages
binutils < 2.33.1_5

Details

VuXML ID f4c54b81-bcc8-11eb-a7a6-080027f515ea
Discovery 2020-11-25
Entry 2021-08-13

Hao Wang reports:

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

References

CVE Name CVE-2021-3487
URL https://sourceware.org/bugzilla/show_bug.cgi?id=26946