VulnerableCode Package Details - pkg:alpm/archlinux/binutils@2.38-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4mbs-absj-aaae	A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.	CVE-2021-3530
VCID-h1bx-cfnr-aaaq	There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.	CVE-2021-20197
VCID-j8km-6eau-aaak	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.	CVE-2021-3648

Vulnerability

Summary

Aliases

VCID-4mbs-absj-aaae

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

CVE-2021-3530

VCID-h1bx-cfnr-aaaq

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

CVE-2021-20197

VCID-j8km-6eau-aaak

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2021-3648

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:23.389741+00:00	Arch Linux Importer	Fixing	VCID-h1bx-cfnr-aaaq	https://security.archlinux.org/AVG-1540	36.0.0
2025-03-28T07:46:23.371032+00:00	Arch Linux Importer	Fixing	VCID-4mbs-absj-aaae	https://security.archlinux.org/AVG-1540	36.0.0
2025-03-28T07:46:23.352337+00:00	Arch Linux Importer	Fixing	VCID-j8km-6eau-aaak	https://security.archlinux.org/AVG-1540	36.0.0
2024-09-18T02:01:37.894376+00:00	Arch Linux Importer	Fixing	VCID-h1bx-cfnr-aaaq	https://security.archlinux.org/AVG-1540	34.0.1
2024-09-18T02:01:37.872086+00:00	Arch Linux Importer	Fixing	VCID-4mbs-absj-aaae	https://security.archlinux.org/AVG-1540	34.0.1
2024-09-18T02:01:37.850490+00:00	Arch Linux Importer	Fixing	VCID-j8km-6eau-aaak	https://security.archlinux.org/AVG-1540	34.0.1
2024-01-03T22:27:44.879937+00:00	Arch Linux Importer	Fixing	VCID-h1bx-cfnr-aaaq	https://security.archlinux.org/AVG-1540	34.0.0rc1
2024-01-03T22:27:44.860341+00:00	Arch Linux Importer	Fixing	VCID-4mbs-absj-aaae	https://security.archlinux.org/AVG-1540	34.0.0rc1
2024-01-03T22:27:44.840497+00:00	Arch Linux Importer	Fixing	VCID-j8km-6eau-aaak	https://security.archlinux.org/AVG-1540	34.0.0rc1