PT-2018-3983 · Gnu+3 · Gnu Binutils+4

Wcventure

Published

2018-12-28

Updated

2026-04-20

CVE-2018-20712

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.31.1

Description The issue is related to a heap-based buffer over-read in the d expression 1 function in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils. This can be exploited by a remote attacker using a crafted input, potentially causing segmentation faults and leading to a denial-of-service (DoS).

Recommendations For GNU Binutils version 2.31.1, consider disabling the d expression 1 function in cp-demangle.c as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-3046

BDU:2024-06974

CLEANSTART-2026-HF39630

CVE-2018-20712

ECHO-0160-9330-67CD

Affected Products

Alt Linux

Astra Linux

Debian

Gnu Binutils

Gnu Libiberty

PT-2018-3983 · Gnu+3 · Gnu Binutils+4

CVE-2018-20712

Weakness Enumeration

Related Identifiers

Affected Products

References · 37