PT-2018-3926 · Gnu+3 · Gnu Binutils+3

Published 2018-04-11 · Updated 2021-07-21 · CVE-2018-12934

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.30

Description

The issue is in the remember_Ktype function in the cplus-dem.c component of GNU Binutils and involves unbounded memory allocation. A remote attacker can exploit it to cause a denial of service through excessive memory consumption. Exploitation can occur during the execution of cxxfilt.

Recommendations

For GNU Binutils version 2.30, consider restricting the use of the remember_Ktype function in cplus-dem.c to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the amount of memory available to the cxxfilt process to prevent excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
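
One way to apply the memory-limit workaround above, as an added example that is not part of the original advisory: a POSIX shell wrapper that runs the demangler under a hard address-space cap and falls back to the raw symbol if the process fails. The function names, the MEM_KB and DEMANGLER variables, and the 256 MiB default are assumptions; binutils normally installs cxxfilt as `c++filt`.

```shell
#!/bin/sh
# Added example, not from the advisory. Names and cap values are assumptions.

# run_capped MEM_KB CMD [ARGS...]
# Runs CMD with its virtual address space limited to MEM_KB KiB.
# The limit is set inside a subshell, so the calling shell and any
# later commands keep their original limits.
run_capped() {
    mem_kb=$1
    shift
    (
        # Refuse to run the command at all if the cap cannot be applied.
        ulimit -v "$mem_kb" || exit 125
        exec "$@"
    )
}

# demangle_capped SYMBOL
# Prints the demangled name. If the demangler is missing, exits non-zero,
# or dies because an allocation hit the cap, prints SYMBOL unchanged and
# returns 1 so the caller can log the input for later triage.
demangle_capped() {
    # DEMANGLER is left unquoted on purpose so it may carry options.
    if out=$(printf '%s\n' "$1" |
             run_capped "${MEM_KB:-262144}" ${DEMANGLER:-c++filt} 2>/dev/null) &&
       [ -n "$out" ]; then
        printf '%s\n' "$out"
    else
        printf '%s\n' "$1"
        return 1
    fi
}
```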

Exploit

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

ALT-PU-2019-1204
ALT-PU-2019-1367
BDU:2023-03809
CVE-2018-12934
USN-4326-1
USN-4336-1
USN-4336-2

Affected Products

Alt Linux
Astra Linux
Gnu Binutils
Ubuntu