Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:C69B2A981297F86160FB9DC0663EBA6C
HistoryApr 21, 2022 - 12:00 a.m.

USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry

2022-04-2100:00:00
Cloud Foundry
www.cloudfoundry.org
13

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Severity

Low

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 16.04

Description

It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-17122) It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. (CVE-2021-3487) It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-45078)

CVEs contained in this USN include: CVE-2017-17122, CVE-2021-3487, CVE-2021-45078.

Affected Cloud Foundry Products and Versions

Severity is low unless otherwise noted.

  • CF Deployment
    • All versions with Xenial Stemcells prior to 621.224

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • CF Deployment
    • For all versions, upgrade Xenial Stemcells to 621.224 or greater

References

History

2022-04-21: Initial vulnerability report published.

CPENameOperatorVersion
cf deploymentlt621.224

Related

ubuntu 4
osv 9
nessus 59
veracode 2
ubuntucve 3
redhatcve 3
cbl_mariner 3
prion 3
cve 3
debiancve 3
cnvd 1
fedora 5
ibm 8
redos 1
cloudlinux 4
photon 20
freebsd 1
alpinelinux 2
gentoo 2
cloudfoundry 1
mageia 1
amazon 2
rocky 1
oraclelinux 1
almalinux 1
redhat 3
suse 2
rosalinux 1
openvas 5
ubuntu
ubuntu
GNU binutils vulnerabilities
2022-03-22 00:00:00
GNU binutils vulnerability
2023-06-13 00:00:00
GNU binutils vulnerabilities
2021-10-25 00:00:00
osv
osv
binutils vulnerabilities
2022-03-22 12:12:25
CVE-2017-17122
2017-12-04 08:29:00
binutils vulnerability
2023-06-13 18:08:14
nessus
nessus
Ubuntu 16.04 ESM : GNU binutils vulnerabilities (USN-5341-1)
2022-03-22 00:00:00
EulerOS 2.0 SP3 : binutils (EulerOS-SA-2022-1706)
2022-05-26 00:00:00
EulerOS 2.0 SP5 : binutils (EulerOS-SA-2021-2212)
2021-07-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-01-23 18:26:23
Denial Of Service (DoS)
2021-04-25 00:13:27
ubuntucve
ubuntucve
CVE-2017-17122
2017-12-04 00:00:00
CVE-2021-3487
2021-04-15 00:00:00
CVE-2021-45078
2021-12-15 00:00:00
redhatcve
redhatcve
CVE-2017-17122
2017-12-11 16:21:38
CVE-2021-45078
2021-12-17 17:21:35
CVE-2021-3487
2021-04-08 20:52:11
cbl_mariner
cbl_mariner
CVE-2021-45078 affecting package binutils 2.37-2
2022-04-26 19:57:43
CVE-2021-45078 affecting package binutils 2.36.1-3
2022-01-10 03:59:20
CVE-2021-3487 affecting package binutils 2.32-5
2021-06-09 03:50:42
prion
prion
Integer overflow
2017-12-04 08:29:00
Design/Logic Flaw
2021-04-15 14:15:00
Heap overflow
2021-12-15 20:15:00
cve
cve
CVE-2017-17122
2017-12-04 08:29:00
CVE-2021-3487
2021-04-15 14:15:00
CVE-2021-45078
2021-12-15 20:15:00
debiancve
debiancve
CVE-2017-17122
2017-12-04 08:29:00
CVE-2021-3487
2021-04-15 14:15:17
CVE-2021-45078
2021-12-15 20:15:00
cnvd
cnvd
GNU Binutils Buffer Overflow Vulnerability (CNVD-2021-103512)
2021-12-17 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: mingw-binutils-2.37-3.fc35
2021-12-27 00:41:31
[SECURITY] Fedora 34 Update: mingw-binutils-2.34-10.fc34
2021-12-27 00:56:24
[SECURITY] Fedora 34 Update: mingw-binutils-2.34-8.fc34
2021-04-24 20:24:37
ibm
ibm
Security Bulletin: Publicly disclosed vulnerability in GNU Binutils affects IBM Netezza Platform Software
2022-07-13 11:22:34
Security Bulletin: Publicly disclosed vulnerability in GNU Binutils affects IBM Netezza Performance Server
2022-05-31 03:16:48
Security Bulletin: Publicly disclosed vulnerability in GNU binutils affects IBM Netezza Analytics for NPS
2022-06-03 14:32:29
redos
redos
ROS-20220125-16
2022-01-25 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3487
2021-09-23 12:14:20
Fix of CVE: CVE-2021-3487
2021-10-05 14:07:07
Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483
2021-12-29 15:09:05
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0341
2021-05-04 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0386
2021-05-04 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0230
2021-05-04 00:00:00
freebsd
freebsd
binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
2020-11-25 00:00:00
alpinelinux
alpinelinux
CVE-2021-3487
2021-04-15 14:15:00
CVE-2021-45078
2021-12-15 20:15:00
gentoo
gentoo
GNU Binutils: Multiple Vulnerabilities
2022-08-14 00:00:00
Binutils: Multiple vulnerabilities
2018-11-27 00:00:00
cloudfoundry
cloudfoundry
USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
mageia
mageia
Updated binutils packages fix security vulnerabilities
2021-07-12 23:26:21
amazon
amazon
Medium: gcc10-binutils
2021-09-08 23:35:00
Medium: gcc10-binutils
2021-09-08 23:35:00
rocky
rocky
binutils security update
2021-11-09 09:11:20
oraclelinux
oraclelinux
binutils security update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: binutils security update
2021-11-09 09:11:20
redhat
redhat
(RHSA-2021:4364) Moderate: binutils security update
2021-11-09 09:11:20
(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)
2021-12-14 21:31:08
(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update
2021-11-15 12:52:28
suse
suse
Security update for binutils (moderate)
2021-11-04 00:00:00
Security update for binutils (moderate)
2021-11-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1808
2021-07-02 16:33:56
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2129)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1205)
2020-03-13 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2558)
2020-01-23 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON
Related for CFOUNDRY:C69B2A981297F86160FB9DC0663EBA6C
ubuntu4osv9nessus59veracode2ubuntucve3redhatcve3cbl_mariner3prion3cve3debiancve3cnvd1fedora5ibm8redos1cloudlinux4photon20freebsd1alpinelinux2gentoo2cloudfoundry1mageia1amazon2rocky1oraclelinux1almalinux1redhat3suse2rosalinux1openvas5