CVE-2018-20657

Опубликовано: 18 дек. 2018

Источник: redhat

CVSS3: 3.3

Описание

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Отчет

This vulnerability is rated as low severity because it results in a memory leak that can cause the application to crash, it may impact performance, it does not pose a significant risk to system.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	binutils	Will not fix
Red Hat Enterprise Linux 5	gcc	Will not fix
Red Hat Enterprise Linux 5	gdb	Will not fix
Red Hat Enterprise Linux 6	binutils	Will not fix
Red Hat Enterprise Linux 6	gcc	Will not fix
Red Hat Enterprise Linux 6	gdb	Will not fix
Red Hat Enterprise Linux 7	binutils	Will not fix
Red Hat Enterprise Linux 7	gcc	Will not fix
Red Hat Enterprise Linux 7	gdb	Will not fix
Red Hat Enterprise Linux 8	binutils	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1664708libiberty: Memory leak in demangle_template function resulting in a denial of service

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-20657

CVSS3: 7.5

ubuntu

около 7 лет назад

CVE-2018-20657

CVSS3: 7.5

nvd

около 7 лет назад

CVE-2018-20657

CVSS3: 7.5

debian

около 7 лет назад

The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...

GHSA-qhfg-hc2h-mmfc

CVSS3: 7.5

github

больше 3 лет назад

ELSA-2019-3352

oracle-oval

около 6 лет назад

ELSA-2019-3352: gdb security, bug fix, and enhancement update (LOW)

3.3 Low

CVSS3