Vulnerability Details : CVE-2021-3530
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted, leading to a crash.
Products affected by CVE-2021-3530
- cpe:2.3:a:gnu:binutils:2.36:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3530
- 0.24%: Probability of exploitation activity in the next 30 days
- ~63%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3530
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-3530
- The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2021-3530
- https://security.gentoo.org/glsa/202208-30
  GNU Binutils: Multiple Vulnerabilities (GLSA 202208-30) — Gentoo security (Third Party Advisory)
- https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch
  Tree - rpms/binutils - src.fedoraproject.org (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1956423
  1956423 – (CVE-2021-3530) CVE-2021-3530 binutils: stack memory exhaustion in demangle_path() in rust-demangle.c (Issue Tracking; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210716-0006/
  CVE-2021-3530 GNU Binutils Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)