VDB
DEBIAN-CVE-2021-20197
DEBIAN-CVE-2021-20197
PUBLISHED
CVSS 6.300000190734863 MEDIUM
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | binutils | 0, 0, 0 |
| Debian:11 | binutils | 2.45-3, 2.39.50.20221101-1, 2.39-8 |
| Debian:14 | binutils | 0, 0, 0 |
| Debian:13 | binutils | 0, 0, 0 |
Timeline
- Mar 26, 2021 CVE Published
- Apr 28, 2026 CVE Updated