{"id":"CLSA-2022-1645466518","summary":"Fix of CVE: CVE-2021-20284, CVE-2021-20197, CVE-2021-42574, CVE-2021-3487, CVE-2020-35448","details":"- CVE-2021-42574: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (#2009172)\n- CVE-2021-20284: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (#1961526)\n- CVE-2020-35448: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c (#1953659)\n- CVE-2021-3487: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (#1947134)\n- CVE-2021-20197: Race window allows users to own arbitrary files (#1920642)","modified":"2026-05-29T01:37:50.659005286Z","published":"2022-02-21T18:01:58Z","upstream":["CVE-2020-35448","CVE-2021-20197","CVE-2021-20284","CVE-2021-3487","CVE-2021-42574"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.4-els/CLSA-2022-1645466518.html"}],"schema_version":"1.7.5"}