PT-2018-3961 · Gnu · Gnu Libiberty
Cheng Wen · Published 2018-09-17 · Updated 2024-06-15 · CVE-2018-17985

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.31

Description
The issue is a stack consumption problem in the cp-demangle.c component of GNU libiberty, as distributed in GNU Binutils. It is caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. The vulnerability allows a remote attacker to cause a denial of service through uncontrolled resource consumption.

Recommendations
For GNU Binutils version 2.31, consider applying a patch or fix that addresses the recursive calls in the cplus_demangle_type function to prevent stack consumption. As a temporary workaround, restrict the input to prevent scenarios involving many 'P' characters that could trigger the recursive calls.
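
The class of fix recommended above, shown as an added example (not code from libiberty or from this advisory): a recursive-descent parser for a toy type grammar that carries an explicit depth budget, so a long run of 'P' characters is rejected instead of consuming one stack frame per character. The grammar, the function names and the limit of 256 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy grammar, constructed for illustration (not libiberty's):
   type := 'P' type | 'i' | 'c' | 'v'   ('P' = pointer to type) */
enum { TYPE_OK = 0, TYPE_MALFORMED = -1, TYPE_TOO_DEEP = -2 };

/* Recursive descent with a depth budget. Without the depth check each
   'P' costs one stack frame, so input length alone sets stack usage. */
static int parse_type(const char **p, int depth, int max_depth)
{
    if (depth > max_depth) return TYPE_TOO_DEEP;
    switch (**p) {
    case 'P':                       /* pointer: recurse one level deeper */
        (*p)++;
        return parse_type(p, depth + 1, max_depth);
    case 'i': case 'c': case 'v':   /* builtin type ends the recursion */
        (*p)++;
        return TYPE_OK;
    default:                        /* includes the terminating NUL */
        return TYPE_MALFORMED;
    }
}

/* Parse one complete encoded type; trailing bytes are an error. */
int check_type(const char *s, int max_depth)
{
    const char *p = s;
    int rc = parse_type(&p, 0, max_depth);
    return (rc == TYPE_OK && *p != '\0') ? TYPE_MALFORMED : rc;
}

/* Build n 'P' characters followed by 'i' (constructed input) and check it. */
int check_pointer_run(size_t n, int max_depth)
{
    char *s = malloc(n + 2);
    if (s == NULL) return TYPE_MALFORMED;
    memset(s, 'P', n);
    memcpy(s + n, "i", 2);          /* 'i' plus terminating NUL */
    int rc = check_type(s, max_depth);
    free(s);
    return rc;
}

int main(void)
{
    printf("%d %d\n", check_pointer_run(3, 256), check_pointer_run(100000, 256));
    return 0;
}
```

Returning a distinct TYPE_TOO_DEEP code lets the caller log over-deep input separately from ordinary malformed names.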

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-07790
CVE-2018-17985
OPENSUSE-SU-2019:2415-1
OPENSUSE-SU-2019:2432-1
OPENSUSE-SU-2019_2415-1
OPENSUSE-SU-2019_2432-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2019:2650-1
SUSE-SU-2019:2779-1
SUSE-SU-2019:2780-1
USN-4326-1
USN-4336-1
USN-4336-2

Affected Products

Gnu Binutils
Gnu Libiberty
Suse
Ubuntu