PT-2018-11303 · Gnu+4 · Gnu Binutils+4

Cornelius Aschermann +1 · Published 2018-06-22 · Updated 2021-07-21 · CVE-2018-12641

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.30

Description

An issue was discovered in the arm_pt function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils. This issue leads to stack exhaustion in the C++ demangling functions provided by libiberty. The functions involved include demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during the execution of nm-new.

Recommendations

For GNU Binutils version 2.30, consider updating to a newer version to mitigate the risk of stack exhaustion in the C++ demangling functions. As a temporary workaround, consider restricting the use of nm-new to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1204
ALT-PU-2019-1367
CESA-2019_2075
CVE-2018-12641
RHSA-2019:2075
RHSA-2019_2075
USN-4326-1
USN-4336-1
USN-4336-2

Affected Products

ALT Linux
CentOS
GNU Binutils
Red Hat
Ubuntu