GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.
CVEID:CVE-2021-20294
**DESCRIPTION:**GNU Binutils is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the readelf program. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201042 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-3487
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a flaw in the read_section() function in dwarf2.c in the BFD library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause excessive memory consumption.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-35448
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193875 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-16590
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a double free vulnerability in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192876 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-20197
**DESCRIPTION:**GNU binutils could allow a local authenticated attacker to bypass security restrictions, caused by an open race window flaw when writing output in the ar, objcopy, strip, ranlib utilities. By using a specially-crafted symlink, an attacker could exploit this vulnerability to allow the utilities to get the ownership of arbitrary files.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-20284
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the _bfd_elf_slurp_secondary_reloc_section function in elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Netezza Platform Software | 4.6.8-4.6.12.P5 |
IBM Netezza Platform Software | 5.0.10-5.2.2.P5 |
IBM Netezza Platform Software | 6.0.3-6.1.P2 |
IBM Netezza Platform Software | 7.0-7.2.1.10.P2 |
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Netezza Platform Software | 7.2.1.11 | Fix Central Link |
None