Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-27943

Опубликовано: 26 мар. 2022
Источник: redhat
CVSS3: 5.5

Описание

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.

Отчет

The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The stack overflow in demangle_const() only triggers during the parsing of malformed ELF files, which would require an attacker to convince a user to process a malicious file with it. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. This vulnerability is due to a flaw in libiberty. Neither libgcc nor libstdc++ include the affected code. Consequently, neither of those libraries are affected by this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6compat-gcc-295Out of support scope
Red Hat Enterprise Linux 6compat-gcc-296Out of support scope
Red Hat Enterprise Linux 6compat-gcc-32Out of support scope
Red Hat Enterprise Linux 6compat-gcc-34Out of support scope
Red Hat Enterprise Linux 6gccOut of support scope
Red Hat Enterprise Linux 7compat-gcc-32Out of support scope
Red Hat Enterprise Linux 7compat-gcc-34Out of support scope
Red Hat Enterprise Linux 7compat-gcc-44Out of support scope
Red Hat Enterprise Linux 7gccOut of support scope
Red Hat Enterprise Linux 8gccFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2071728binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-27943

CVSS3: 5.5
ubuntu
почти 4 года назад

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

nvd логотип

CVE-2022-27943

CVSS3: 5.5
nvd
почти 4 года назад

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

debian логотип

CVE-2022-27943

CVSS3: 5.5
debian
почти 4 года назад

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in ...

github логотип

GHSA-xcrq-6rjw-5chw

CVSS3: 5.5
github
почти 4 года назад

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

fstec логотип

BDU:2025-12274

CVSS3: 5.5
fstec
почти 4 года назад

Уязвимость функции demangle_const компонента libiberty/rust-demangle.c компилятора GCC, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3