CVE-2021-46174

7.5 HIGH

📋 TL;DR

CVE-2021-46174 is a heap-based buffer overflow vulnerability in the bfd_getl32 function of Binutils objdump version 2.37. This vulnerability allows attackers to execute arbitrary code or cause denial of service by processing specially crafted object files. Users and systems that process untrusted object files with vulnerable versions of objdump are affected.

💻 Affected Systems

Products:
  • GNU Binutils
  • objdump
Versions: Binutils 2.37 only
Operating Systems: Linux, Unix-like systems, Windows (via Cygwin/MinGW)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where objdump is used to process untrusted object files. Many distributions ship patched versions.

📦 What is this software?

GNU Binutils is the GNU collection of binary tools (assembler, linker, objdump, readelf, nm and others). objdump displays information about object files (headers, sections, symbols, disassembly) and parses them through libbfd, the Binary File Descriptor library in which bfd_getl32 (a helper that reads a 32-bit little-endian value) lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the user running objdump, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious object files.

🟢 If Mitigated

Limited impact if objdump is not used to process untrusted files or runs with minimal privileges.

🌐 Internet-Facing: LOW - objdump is typically not exposed directly to internet-facing services.
🏢 Internal Only: MEDIUM - internal users or automated systems processing untrusted object files could be vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to provide a malicious object file that the victim processes with objdump. Proof-of-concept code is available in the bug reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Binutils 2.37 with patch or later versions (2.38+)

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=28753

Restart Required: No

Instructions:

1. Update the Binutils package from your distribution's repositories.
2. For source installations: download the patched source from GNU mirrors, compile, and install.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Restrict objdump usage (platform: linux)

Limit objdump execution to trusted users and avoid processing untrusted object files. chmod 750 removes execute permission for everyone outside the owning user and group; the setfacl line then grants a single named account (trusteduser is a placeholder) read and execute access through an ACL.

chmod 750 /usr/bin/objdump
setfacl -m u:trusteduser:rx /usr/bin/objdump

Use alternative tools (platform: all)

Use readelf or other binary analysis tools instead of objdump when possible. readelf is also part of Binutils but does not parse files through libbfd, so it is not affected by this bfd_getl32 bug; it does not disassemble, however, so it only replaces objdump for header, section and symbol inspection.

🧯 If You Can't Patch

  • Run objdump with minimal privileges (non-root user, restricted capabilities)
  • Implement strict input validation for object files before processing with objdump

🔍 How to Verify

Check if Vulnerable:

Check if objdump version is 2.37 and if the system processes untrusted object files.

Check Version:

objdump --version | head -1

Verify Fix Applied:

Verify that the objdump version is 2.38 or later, or confirm with your distribution that the patch has been backported (distribution packages may keep the 2.37 version string while carrying the fix, so check the package changelog).
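The version check described above, written out as a small POSIX sh script. This is an added example, not part of the advisory or of Binutils: is_vulnerable_version classifies the first line of objdump --version output (the banner format assumed here is "GNU objdump (GNU Binutils ...) 2.37" with an optional distribution suffix such as "-ubuntu1"), and check_installed_objdump runs it against whatever objdump is on PATH. A 2.37 match means "check whether the fix was backported", since distributions may patch without changing the version string.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an objdump version banner.
# is_vulnerable_version takes the first line of `objdump --version` output,
# e.g. "GNU objdump (GNU Binutils for Ubuntu) 2.37-ubuntu1", and returns
# 0 (true) when the upstream version is exactly 2.37, 1 otherwise.
# Caveat: a distribution may backport the fix without changing the version
# string, so a 2.37 hit means "check the package changelog", not "confirmed vulnerable".
is_vulnerable_version() {
    banner=$1
    ver=${banner##* }        # last whitespace-separated token, e.g. "2.37-ubuntu1"
    ver=${ver%%-*}           # drop a distro suffix after the first hyphen ...
    ver=${ver%%_*}           # ... or after an underscore
    [ "$ver" = "2.37" ]
}

# Run the check against the objdump found on PATH.
# Exit status: 0 = affected version, 1 = other version, 2 = objdump not installed.
check_installed_objdump() {
    if ! command -v objdump >/dev/null 2>&1; then
        echo "objdump not found on PATH"
        return 2
    fi
    banner=$(objdump --version | head -n 1)
    if is_vulnerable_version "$banner"; then
        echo "AFFECTED VERSION (CVE-2021-46174): $banner"
        return 0
    fi
    echo "version not in the affected range: $banner"
    return 1
}

# Only touch the real objdump when invoked as: sh check_objdump.sh --check
if [ "${1-}" = "--check" ]; then
    check_installed_objdump
fi
```

The banner parsing deliberately ignores everything before the last token, so vendor text such as "for Ubuntu" or "for Debian" inside the parentheses does not matter; only the trailing version number is compared.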

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from objdump process
  • Unexpected objdump execution with suspicious file arguments

Network Indicators:

  • Unusual outbound connections after objdump execution
  • File transfers of object files from untrusted sources

SIEM Query:

process_name:"objdump" AND (event_type:"crash" OR file_path:"*.o" OR file_path:"*.obj")
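The first log indicator above (objdump crash messages) as host-side detection logic over sample log lines. This is an added example, not part of the advisory: the three syslog-style kernel segfault lines are constructed for the example, and objdump_segfaults extracts the PID and the module the fault was reported in for objdump processes only, so a crash in readelf or any other tool is not counted.

```shell
#!/bin/sh
# Added example (not from the advisory): pick objdump segfaults out of kernel log lines.
# The log lines below are constructed for the example; the format follows the
# kernel's "name[pid]: segfault at ... in module[base+size]" message.
SAMPLE_KERNEL_LOG='Mar  1 10:01:02 build01 kernel: objdump[4123]: segfault at 0 ip 00007f1c2a3b4c5d sp 00007ffd1234abc0 error 4 in libbfd-2.37-system.so[7f1c2a300000+1a0000]
Mar  1 10:01:09 build01 kernel: objdump[4130]: segfault at 18 ip 00007f9a1b2c3d4e sp 00007ffe5678def0 error 4 in libbfd-2.37-system.so[7f9a1b200000+1a0000]
Mar  1 10:02:00 build01 kernel: readelf[4150]: segfault at 0 ip 000055d3c0ffee00 sp 00007ffc0000aa00 error 6 in readelf[55d3c0f00000+60000]'

# Read log lines on stdin; print "<pid> <module>" for every objdump segfault.
# Other processes' crashes (readelf above) are filtered out by the grep.
objdump_segfaults() {
    grep 'kernel: objdump\[[0-9]*\]: segfault' |
    sed 's/.*objdump\[\([0-9]*\)\]: segfault .* in \([^[]*\)\[.*/\1 \2/'
}

# Count objdump segfault lines on stdin (no surrounding whitespace in the result).
objdump_crash_count() {
    objdump_segfaults | wc -l | tr -d ' '
}

# Demo run over the constructed sample; on a real host feed journalctl -k or /var/log/kern.log instead.
printf '%s\n' "$SAMPLE_KERNEL_LOG" | objdump_segfaults
```

Repeated objdump segfaults in libbfd from an automated pipeline that feeds it externally supplied files is the pattern worth alerting on; a single crash is the likely-case outcome from the risk section, so the count, not the first match, is what to threshold.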
