VDB

GCVE-VVD-MAGEIA-2021-341

GCVE-VVD-MAGEIA-2021-341
Advisory Published
Vulnetix · Advisory published July 12, 2021
This update provides binutils 2.36.1 and fixes at least the following security issues: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption (CVE-2021-3487). There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink (CVE-2021-20197). For more info about the 2.36 update, see the sourceware link.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiabinutils0 (affected), 2.36.1-1.1.mga8 (unaffected)

Aliases

CVE-2021-20197

Transitive aliases

GHSA-rq67-5wpf-96wvBDU:2023-05789EUVD-2021-7643VVD-GENTOO-2021-778545ALSA-2021:4364VVD-CISA-2021-20197

References

Updated binutils packages fix security vulnerabilities
advisory
Updated binutils packages fix security vulnerabilities
issue
Updated binutils packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›