Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1319453AF7DA9A0E5B8BE48087B02A8E5A84EA3B6A853343249689E5E6D3071B
HistoryAug 06, 2021 - 10:58 a.m.

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software

2021-08-0610:58:00
www.ibm.com
20
gnu binutils
ibm netezza
platform software
buffer overflow
denial of service
security bypass
remote code execution
memory consumption

EPSS

0.003

Percentile

69.7%

JSON

Summary

GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-20294
**DESCRIPTION:**GNU Binutils is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the readelf program. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201042 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-3487
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a flaw in the read_section() function in dwarf2.c in the BFD library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause excessive memory consumption.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-35448
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193875 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-16590
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a double free vulnerability in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192876 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-20197
**DESCRIPTION:**GNU binutils could allow a local authenticated attacker to bypass security restrictions, caused by an open race window flaw when writing output in the ar, objcopy, strip, ranlib utilities. By using a specially-crafted symlink, an attacker could exploit this vulnerability to allow the utilities to get the ownership of arbitrary files.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-20284
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the _bfd_elf_slurp_secondary_reloc_section function in elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netezza Platform Software 4.6.8-4.6.12.P5
IBM Netezza Platform Software 5.0.10-5.2.2.P5
IBM Netezza Platform Software 6.0.3-6.1.P2
IBM Netezza Platform Software 7.0-7.2.1.10.P2

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Netezza Platform Software 7.2.1.11 Fix Central Link

Workarounds and Mitigations

None

Related

amazon 2
oraclelinux 1
nessus 49
ibm 8
almalinux 1
redhat 3
osv 12
rocky 1
gentoo 2
openvas 24
mageia 1
suse 3
prion 6
alpinelinux 5
debiancve 6
nvd 6
ubuntucve 6
cve 6
redhatcve 6
photon 14
githubexploit 1
cvelist 6
veracode 5
cbl_mariner 3
fedora 4
cloudlinux 2
freebsd 1
cloudfoundry 2
ubuntu 2
rosalinux 1
amazon
amazon
Medium: gcc10-binutils
2021-09-08 23:35:00
Medium: gcc10-binutils
2021-09-08 23:35:00
oraclelinux
oraclelinux
binutils security update
2021-11-16 00:00:00
nessus
nessus
CentOS 8 : binutils (CESA-2021:4364)
2021-11-11 00:00:00
AlmaLinux 8 : binutils (ALSA-2021:4364)
2022-02-09 00:00:00
Oracle Linux 8 : binutils (ELSA-2021-4364)
2021-11-17 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics
2021-05-19 08:06:38
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93
2022-03-14 20:12:12
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
2022-05-31 03:16:48
almalinux
almalinux
Moderate: binutils security update
2021-11-09 09:11:20
redhat
redhat
(RHSA-2021:4364) Moderate: binutils security update
2021-11-09 09:11:20
(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update
2021-11-15 12:52:28
(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)
2021-12-14 21:31:08
osv
osv
Moderate: binutils security update
2021-11-09 09:11:20
Moderate: binutils security update
2021-11-09 09:11:20
binutils-2.37-3.1 on GA media
2024-06-15 00:00:00
rocky
rocky
binutils security update
2021-11-09 09:11:20
gentoo
gentoo
GNU Binutils: Multiple Vulnerabilities
2022-08-14 00:00:00
Binutils: Multiple vulnerabilities
2021-07-10 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-1974)
2021-06-07 00:00:00
Mageia: Security Advisory (MGASA-2021-0341)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2058)
2021-07-01 00:00:00
mageia
mageia
Updated binutils packages fix security vulnerabilities
2021-07-12 23:26:21
suse
suse
Security update for binutils (moderate)
2021-11-15 00:00:00
Security update for binutils (moderate)
2021-11-04 00:00:00
Security update for binutils (moderate)
2021-11-09 00:00:00
prion
prion
Double free
2020-12-09 21:15:00
Heap overflow
2021-03-26 17:15:00
Buffer overflow
2021-04-29 16:15:00
alpinelinux
alpinelinux
CVE-2020-16590
2020-12-09 21:15:00
CVE-2021-20294
2021-04-29 16:15:00
CVE-2020-35448
2020-12-27 04:15:12
debiancve
debiancve
CVE-2020-16590
2020-12-09 21:15:15
CVE-2020-35448
2020-12-27 04:15:12
CVE-2021-20294
2021-04-29 16:15:09
nvd
nvd
CVE-2020-16590
2020-12-09 21:15:15
CVE-2021-20294
2021-04-29 16:15:09
CVE-2020-35448
2020-12-27 04:15:12
ubuntucve
ubuntucve
CVE-2020-16590
2020-12-09 00:00:00
CVE-2020-35448
2020-12-27 00:00:00
CVE-2021-20284
2021-03-26 00:00:00
cve
cve
CVE-2021-20284
2021-03-26 17:15:13
CVE-2020-16590
2020-12-09 21:15:15
CVE-2020-35448
2020-12-27 04:15:12
redhatcve
redhatcve
CVE-2021-20294
2021-03-26 11:52:50
CVE-2020-16590
2020-12-11 12:57:42
CVE-2021-20284
2021-03-11 15:08:28
photon
photon
Important Photon OS Security Update - PHSA-2021-0024
2021-05-14 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0386
2021-05-04 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0341
2021-05-04 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Gnu Binutils
2023-01-21 16:15:21
cvelist
cvelist
CVE-2020-16590
2020-12-09 21:05:04
CVE-2020-35448
2020-12-27 03:38:54
CVE-2021-20284
2021-03-26 16:39:03
veracode
veracode
Denial Of Service
2021-08-16 18:45:36
Arbitrary Code Execution
2021-08-16 18:42:36
Buffer Overflow
2021-04-29 13:09:42
cbl_mariner
cbl_mariner
CVE-2021-20294 affecting package binutils 2.32-5
2021-06-09 03:50:42
CVE-2021-20197 affecting package binutils 2.32-5
2021-06-09 03:50:42
CVE-2021-3487 affecting package binutils 2.32-5
2021-06-09 03:50:42
fedora
fedora
[SECURITY] Fedora 33 Update: mingw-binutils-2.34-7.fc33
2021-02-06 01:18:28
[SECURITY] Fedora 34 Update: mingw-binutils-2.34-8.fc34
2021-04-24 20:24:37
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-10.fc32
2021-04-20 15:01:47
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3487
2021-09-23 12:14:20
Fix of CVE: CVE-2021-3487
2021-10-05 14:07:07
freebsd
freebsd
binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
2020-11-25 00:00:00
cloudfoundry
cloudfoundry
USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
ubuntu
ubuntu
GNU binutils vulnerabilities
2021-10-25 00:00:00
GNU binutils vulnerabilities
2022-03-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1808
2021-07-02 16:33:56

EPSS

0.003

Percentile

69.7%

JSON
Related for 1319453AF7DA9A0E5B8BE48087B02A8E5A84EA3B6A853343249689E5E6D3071B
amazon2oraclelinux1nessus49ibm8almalinux1redhat3osv12rocky1gentoo2openvas24mageia1suse3prion6alpinelinux5debiancve6nvd6ubuntucve6cve6redhatcve6photon14githubexploit1cvelist6veracode5cbl_mariner3fedora4cloudlinux2freebsd1cloudfoundry2ubuntu2rosalinux1