CVE-2021-3549
7.1 HIGHAn out of bounds flaw was found in GNU binutils objdump utility version 2.36
Published: 2021-05-26 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
- CWE
- CWE-119, CWE-787
Affected products
| Vendor | Product |
|---|---|
| gnu | binutils |
Description
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3549
- [Patch]https://bugzilla.redhat.com/show_bug.cgi?id=1960717
- [Other]https://security.gentoo.org/glsa/202208-30
- [Patch]https://bugzilla.redhat.com/show_bug.cgi?id=1960717
- [Other]https://security.gentoo.org/glsa/202208-30
- [Other]https://security.netapp.com/advisory/ntap-20250228-0005/
Related CVEs
Same vendor
- CVE-2026-42009 — A flaw was found in gnutls (7.5 HIGH)
- CVE-2026-42010 — A flaw was found in gnutls (7.1 HIGH)
- CVE-2026-3833 — A flaw was found in gnutls (6.5 MEDIUM)
- CVE-2026-3832 — A flaw was found in gnutls (3.7 LOW)
- CVE-2026-33845 — A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow ... (7.5 HIGH)
Same CWE
- CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
- CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)