PT-2018-3961 · Gnu+2 · Gnu Libiberty+3

Cheng Wen · Published 2018-09-17 · Updated 2024-06-15 · CVE-2018-17985

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.31

Description

The issue is a stack consumption problem in the cp-demangle.c component of GNU libiberty, as distributed in GNU Binutils. It is caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. The vulnerability allows a remote attacker to cause a denial of service through uncontrolled resource consumption.

Recommendations

For GNU Binutils version 2.31, consider applying a patch or fix that addresses the recursive calls in the cplus_demangle_type function to prevent stack consumption. As a temporary workaround, restrict the input to prevent scenarios involving many 'P' characters that could trigger the recursive calls.

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2023-07790
CVE-2018-17985
OPENSUSE-SU-2019:2415-1
OPENSUSE-SU-2019:2432-1
OPENSUSE-SU-2019_2415-1
OPENSUSE-SU-2019_2432-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2019:2650-1
SUSE-SU-2019:2779-1
SUSE-SU-2019:2780-1
USN-4326-1
USN-4336-1
USN-4336-2

Affected Products

Gnu Binutils
Gnu Libiberty
Suse
Ubuntu