CVE-2017-13716 — Allocation of Resources Without Limits or Throttling in Binutils

CWE-770 — Allocation of Resources Without Limits or Throttling11 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 53.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedAug 28

Latest updateMay 13

Description

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDgnu/binutils2.29

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-mwjr-5h89-5xqp: The C++ symbol demangler routine in cplus-dem↗2022-05-13

▶

OSV

CVE-2017-13716: The C++ symbol demangler routine in cplus-dem↗2017-08-28

▶

CVEList

CVE-2017-13716: The C++ symbol demangler routine in cplus-dem↗2017-08-28

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2019-13715↗2019-10-22

▶

Red Hat

binutils: Memory leak with the C++ symbol demangler routine in libiberty↗2017-08-25

▶

Debian

CVE-2017-13716: binutils - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in ...↗2017

▶

💬Community

Bugzilla

CVE-2017-13716 binutils: Memory leak with the C++ symbol demangler routine in libiberty↗2017-08-31

▶

Bugzilla

CVE-2017-12448 CVE-2017-12449 CVE-2017-12450 CVE-2017-12451 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12455 CVE-2017-12456 CVE-2017-12457 CVE-2017-12458 CVE-2017-12459 CVE-2017-13710 CVE-2↗2017-08-21

▶

Bugzilla

▶

Bugzilla

▶