CVE-2021-45078 identified by TuxCare’s Extended Lifecycle Support Team

While backporting fixes for the binutils package for older Linux distributions covered by Extended Lifecycle Support, the team identified a vulnerability in the way CVE-2018-12699 was originally addressed. This new vulnerability allows for memory corruption and denial of service under specific conditions of binutils functionality, which, in turn, is used by multiple other packages. 

 

The original vulnerability had a 9.8 CVSS (v3) score, and the newly identified vulnerability has been assigned a 7.5 CVSS (v3) score. The latest update of binutils available for service subscribers already includes a proper fix for the underlying issue, and the code was fixed in the upstream open source project after our report.

 

Continue reading “CVE-2021-45078 identified by TuxCare’s Extended Lifecycle Support Team”