PT-2018-11303 · Gnu+4 · Gnu Binutils+4

Cornelius Aschermann +1 · Published 2018-06-22 · Updated 2021-07-21 · CVE-2018-12641

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.30

Description

An issue was discovered in the arm_pt function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils. This issue leads to stack exhaustion in the C++ demangling functions provided by libiberty. The functions involved include demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during the execution of nm-new.

Recommendations

For GNU Binutils version 2.30, consider updating to a newer version to mitigate the risk of stack exhaustion in the C++ demangling functions. As a temporary workaround, consider restricting the use of nm-new to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1204
ALT-PU-2019-1367
CESA-2019_2075
CVE-2018-12641
RHSA-2019:2075
RHSA-2019_2075
USN-4326-1
USN-4336-1
USN-4336-2

Affected Products

Alt Linux
CentOS
GNU Binutils
Red Hat
Ubuntu