CVE-2021-20294 - Vulnerability Details - OpenCVE

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Binutils

Configuration 1 [-]

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1943533
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-20294
https://security.gentoo.org/glsa/202208-30
https://sourceware.org/bugzilla/show_bug.cgi?id=26929
https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926
https://www.cve.org/CVERecord?id=CVE-2021-20294

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-04-29T00:00:00

Updated: 2024-08-03T17:37:23.624Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20294

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-29T16:15:09.783

Modified: 2024-11-21T05:46:17.983

Link: CVE-2021-20294

Redhat

Severity : Moderate

Publid Date: 2020-11-21T00:00:00Z

Links: CVE-2021-20294 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-20294", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:37:23.624Z", "dateReserved": "2020-12-17T00:00:00", "datePublished": "2021-04-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability."}], "affected": [{"vendor": "n/a", "product": "binutils", "versions": [{"version": "binutils 2.35.2", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26929"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202208-30", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202208-30"}, {"url": "https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-787", "cweId": "CWE-787"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.624Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26929", "tags": ["x_transferred"]}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202208-30", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-30"}, {"url": "https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "A775487B-2BF9-4578-B557-E77278DA5F94", "versionEndExcluding": "2.35.2", "versionStartIncluding": "2.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el programa binutils readelf versi\u00f3n 2.35. Un atacante que sea capaz de convencer a una v\u00edctima usando readelf para que lea un archivo dise\u00f1ado podr\u00eda desencadenar un desbordamiento de b\u00fafer de la pila, una escritura fuera de l\u00edmites de los datos arbitrarios proporcionados por el atacante. El mayor impacto de este fallo es la confidencialidad, integridad y disponibilidad"}], "id": "CVE-2021-20294", "lastModified": "2024-11-21T05:46:17.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-29T16:15:09.783", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-30"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26929"}, {"source": "secalert@redhat.com", "url": "https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/?p=binutils-gdb.git%3Ba=patch%3Bh=372dd157272e0674d13372655cc60eaca9c06926"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Hao Wang for reporting this issue.", "bugzilla": {"description": "binutils: stack buffer overflow WRITE may lead to a DoS via a crafted ELF", "id": "1943533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.", "A flaw was found in binutils' readelf program. An attacker who is able to convince a victim using readelf to read a crafted file, could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability."], "mitigation": {"lang": "en:us", "value": "Stack canaries, non-executable stack (NX), address space layout randomization (ASLR) are binary hardening protections enabled in Red Hat Enterprise Linux 7 and 8 that should greatly limit the impact of this flaw. An additional mitigation is to not use readelf to read files from untrusted sources.\nTo learn more about binary hardening protections in Red Hat Enterprise Linux, please see https://access.redhat.com/articles/65299"}, "name": "CVE-2021-20294", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gcc-toolset-10-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gcc-toolset-9-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20294\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20294\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=26929"], "statement": "The issue is classified as moderate severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The buffer overflow only triggers during the parsing of malformed ELF files, which would require an attacker to convince a user to process a malicious ELF file with readelf. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt", "threat_severity": "Moderate", "upstream_fix": "binutils 2.35.2"}