CLSA-2022-1645466518

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1645466518.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLSA-2022-1645466518
Upstream
Published
2022-02-21T18:01:58Z
Modified
2026-05-27T11:33:48.057314249Z
Summary
Fix of CVE: CVE-2021-20284, CVE-2021-20197, CVE-2021-42574, CVE-2021-3487, CVE-2020-35448
Details
  • CVE-2021-42574: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (#2009172)
  • CVE-2021-20284: Heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c (#1961526)
  • CVE-2020-35448: Heap-based buffer overflow in bfdgetlsigned_32() in libbfd.c (#1953659)
  • CVE-2021-3487: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (#1947134)
  • CVE-2021-20197: Race window allows users to own arbitrary files (#1920642)
References

Affected packages

TuxCare:CentOS:8.4 / binutils

Package

Name
binutils
Purl
pkg:rpm/tuxcare/binutils?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-93.el8.4.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1645466518.json"

TuxCare:CentOS:8.4 / binutils-devel

Package

Name
binutils-devel
Purl
pkg:rpm/tuxcare/binutils-devel?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-93.el8.4.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1645466518.json"