CVE-2018-12641: An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions…

CVE-2018-12641 [MEDIUM] CWE-400 GHSA-4cqc-25m3-f64g: An issue was discovered in arm_pt in cplus-dem An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

CVE-2018-12641 [MEDIUM] CVE-2018-12641: An issue was discovered in arm_pt in cplus-dem An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

CVE-2018-19932 GNU binutils vulnerabilities Title: GNU binutils vulnerabilities Summary: Several security issues were fixed in GNU binutils. USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2018-1000876 GNU binutils vulnerabilities Title: GNU binutils vulnerabilities Summary: Several security issues were fixed in GNU binutils. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2018-12641 libiberty vulnerabilities Title: libiberty vulnerabilities Summary: Several security issues were fixed in libiberty. It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code Instructions: In general, a standard system update will make all the necessary changes.

CVE-2018-12641 [MEDIUM] CWE-400 binutils: Stack Exhaustion in the demangling functions provided by libiberty binutils: Stack Exhaustion in the demangling functions provided by libiberty An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. Statement: The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The stack overflow in demangle_class_name() only triggers during the parsing of malformed ELF files, which would require an attacker to convince a use

CVE-2018-12641 [MEDIUM] CVE-2018-12641 mingw-binutils: binutils: Stack Exhaustion in the demangling functions provided by libiberty [epel-all] CVE-2018-12641 mingw-binutils: binutils: Stack Exhaustion in the demangling functions provided by libiberty [epel-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this is

CVE-2018-12641 [MEDIUM] CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty [fedora-all] CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects

CVE-2018-12641 [MEDIUM] CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. References: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452 https://sourceware.org/bugzilla/show_bug.cgi?id=23058 Discussion: Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1594413] Created mingw-binutils tracking bugs

CVE-2018-12641 [MEDIUM] CVE-2018-12641 mingw-binutils: binutils: Stack Exhaustion in the demangling functions provided by libiberty [fedora-all] CVE-2018-12641 mingw-binutils: binutils: Stack Exhaustion in the demangling functions provided by libiberty [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: thi