CVE-2021-3549: 
NixOS vulnerability analysis and mitigation

An out-of-bounds flaw was discovered in GNU binutils objdump utility version 2.36. The vulnerability, identified as CVE-2021-3549, was reported in May 2021. The flaw affects the avrelf32loadrecordsfrom_section() function when processing large sections (NVD, Debian Tracker).

The vulnerability is classified as an out-of-bounds write (CWE-787) and improper restriction of operations within memory buffer bounds (CWE-119). It has a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. The flaw specifically occurs in the avrelf32loadrecordsfromsection() function when processing large section parameters (NVD, [Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=1960717)).

The vulnerability can result in system crashes and potential memory corruption when exploited. The highest threats from this vulnerability are to system integrity and availability, with no direct impact on confidentiality (NVD).

The vulnerability has been fixed in GNU binutils versions after 2.36.1. Users are advised to upgrade to version 2.38 or later. For Gentoo users, the fix is available through system updates using emerge (Gentoo Advisory).