Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20673

Опубликовано: 27 дек. 2018
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Отчет

This issue did not affect the versions of gdb as shipped with Red Hat Enterprise Linux 7 and with Red Hat Developer Toolset 7 and 8 as they are compiled only for 64bit architectures, where the flaw is not present. This vulnerability has been rated as Low severity for Red Hat Enterprise Linux 8, as the circumstances to exploit are particularly unlikely. A crafted binary file must be passed to one of the affected tools, in a 32-bit environment, and in a scenario where the corrupted file comes from an untrusted source. In 64 bit environments, exploitation is not possible.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5binutilsWill not fix
Red Hat Enterprise Linux 5gccWill not fix
Red Hat Enterprise Linux 5gdbWill not fix
Red Hat Enterprise Linux 6binutilsWill not fix
Red Hat Enterprise Linux 6gccWill not fix
Red Hat Enterprise Linux 6gdbWill not fix
Red Hat Enterprise Linux 7binutilsWill not fix
Red Hat Enterprise Linux 7gccWill not fix
Red Hat Enterprise Linux 7gdbNot affected
Red Hat Enterprise Linux 8binutilsWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1664709libiberty: Integer overflow in demangle_template() function

EPSS

Процентиль: 31%
0.00119
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-20673

CVSS3: 5.5
ubuntu
больше 7 лет назад

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

nvd логотип

CVE-2018-20673

CVSS3: 5.5
nvd
больше 7 лет назад

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

debian логотип

CVE-2018-20673

CVSS3: 5.5
debian
больше 7 лет назад

The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...

rocky логотип

RLSA-2021:4386

rocky
больше 4 лет назад

Low: gcc security and bug fix update

github логотип

GHSA-jx5v-cp2v-88f2

CVSS3: 5.5
github
почти 4 года назад

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

EPSS

Процентиль: 31%
0.00119
Низкий

5.3 Medium

CVSS3