CVE-2018-18700

Name of the Vulnerable Software and Affected Versions GNU Binutils versions 2.31

Description The issue is related to the functions d name, d encoding, and d local name in the cp-demangle.c component of GNU Binutils. It involves a stack consumption vulnerability due to infinite recursion in these functions. This allows a remote attacker to cause a denial-of-service using a specially crafted ELF file.

Recommendations For GNU Binutils version 2.31, consider disabling the d name(), d encoding(), and d local name() functions in cp-demangle.c as a temporary workaround to minimize the risk of exploitation. Restrict access to the cp-demangle.c component to prevent remote attackers from leveraging this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.