Description
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.
Report
Libiberty is a component used during compilation. This vulnerability requires a corrupted input file to have already been introduced into your application’s source code. This flaw could then induce a segmentation fault during compile time. However, it would be immediately apparent to the developer or operations team that something is wrong. In a release pipeline which utilizes libiberty, a build failure would not prevent usage of existing stable builds, so while a flaw of this type could halt the roll out of new versions of your app, it cannot impact any apps which have already been built and deployed. If this vulnerability were exploited, organizations which follow basic industry guidance for development and security (isolation of build environment, use of version control, and restriction of commit access) would be able to recover easily. Better prepared organizations would not even experience an outage as any problematic commits would be automatically reverted. For these reasons Red Hat Product Security has rated the impact as Low.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | binutils | Out of support scope | | |
Red Hat Enterprise Linux 6 | compat-gcc-295 | Out of support scope | | |
Red Hat Enterprise Linux 6 | compat-gcc-296 | Out of support scope | | |
Red Hat Enterprise Linux 6 | compat-gcc-32 | Out of support scope | | |
Red Hat Enterprise Linux 6 | compat-gcc-34 | Out of support scope | | |
Red Hat Enterprise Linux 6 | gcc | Out of support scope | | |
Red Hat Enterprise Linux 7 | binutils | Out of support scope | | |
Red Hat Enterprise Linux 7 | compat-gcc-32 | Out of support scope | | |
Red Hat Enterprise Linux 7 | compat-gcc-34 | Out of support scope | | |
Red Hat Enterprise Linux 7 | compat-gcc-44 | Out of support scope | | |
Additional information
Status:
EPSS
7.5 High
CVSS3