CVE-2018-18701

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.31

Description An issue in cp-demangle.c of GNU libiberty, distributed in GNU Binutils, involves a stack consumption vulnerability due to infinite recursion in the next is type qual() and cplus demangle type() functions. This allows remote attackers to cause a denial-of-service via a specially crafted ELF file.

Recommendations For GNU Binutils version 2.31, consider disabling the next is type qual() and cplus demangle type() functions in cp-demangle.c as a temporary workaround to minimize the risk of exploitation. Restrict access to handling ELF files to reduce the risk of a denial-of-service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.