Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12934

Опубликовано: 11 апр. 2018
Источник: redhat
CVSS3: 5.5

Описание

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Отчет

This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this excessive memory consumption is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with cxxfilt. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5binutilsWill not fix
Red Hat Enterprise Linux 5binutils220Will not fix
Red Hat Enterprise Linux 6binutilsWill not fix
Red Hat Enterprise Linux 7binutilsWill not fix
Red Hat Enterprise Linux 8binutilsWill not fix
Red Hat Enterprise Linux 8mingw-binutilsWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1597853binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12934

CVSS3: 7.5
ubuntu
больше 7 лет назад

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

nvd логотип

CVE-2018-12934

CVSS3: 7.5
nvd
больше 7 лет назад

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

debian логотип

CVE-2018-12934

CVSS3: 7.5
debian
больше 7 лет назад

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ...

github логотип

GHSA-5gpg-4rpr-qp95

CVSS3: 7.5
github
больше 3 лет назад

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

fstec логотип

BDU:2023-03809

CVSS3: 7.5
fstec
почти 8 лет назад

Уязвимость функции remember_Ktype компонента cplus-dem.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3