VulnerableCode Package Details - pkg:alpm/archlinux/binutils@2.36-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2ef7-dr9v-aaan	A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.	CVE-2021-20294
VCID-hsv6-2w95-aaaq	An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.	CVE-2020-35448
VCID-r4yx-jctz-aaan	Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt	CVE-2021-3487

Vulnerability

Summary

Aliases

VCID-2ef7-dr9v-aaan

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

CVE-2021-20294

VCID-hsv6-2w95-aaaq

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

CVE-2020-35448

VCID-r4yx-jctz-aaan

Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

CVE-2021-3487

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:39.527041+00:00	Arch Linux Importer	Fixing	VCID-hsv6-2w95-aaaq	https://security.archlinux.org/AVG-1385	36.0.0
2025-03-28T07:46:39.501476+00:00	Arch Linux Importer	Fixing	VCID-2ef7-dr9v-aaan	https://security.archlinux.org/AVG-1385	36.0.0
2025-03-28T07:46:39.482744+00:00	Arch Linux Importer	Fixing	VCID-r4yx-jctz-aaan	https://security.archlinux.org/AVG-1385	36.0.0
2024-09-18T02:01:59.757538+00:00	Arch Linux Importer	Fixing	VCID-hsv6-2w95-aaaq	https://security.archlinux.org/AVG-1385	34.0.1
2024-09-18T02:01:59.736173+00:00	Arch Linux Importer	Fixing	VCID-2ef7-dr9v-aaan	https://security.archlinux.org/AVG-1385	34.0.1
2024-09-18T02:01:59.716861+00:00	Arch Linux Importer	Fixing	VCID-r4yx-jctz-aaan	https://security.archlinux.org/AVG-1385	34.0.1
2024-01-03T22:28:03.251479+00:00	Arch Linux Importer	Fixing	VCID-hsv6-2w95-aaaq	https://security.archlinux.org/AVG-1385	34.0.0rc1
2024-01-03T22:28:03.232604+00:00	Arch Linux Importer	Fixing	VCID-2ef7-dr9v-aaan	https://security.archlinux.org/AVG-1385	34.0.0rc1
2024-01-03T22:28:03.213503+00:00	Arch Linux Importer	Fixing	VCID-r4yx-jctz-aaan	https://security.archlinux.org/AVG-1385	34.0.0rc1