Описание
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
Отчет
This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this stack memory exhaustion is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with c++filt. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 5 | binutils220 | Will not fix | ||
| Red Hat Enterprise Linux 6 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 7 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-binutils | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
Уязвимость компонента cp-demangle.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании
5.5 Medium
CVSS3