CVE-2018-12641Uncontrolled Resource Consumption in Binutils

CWE-400Uncontrolled Resource Consumption12 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.7%
top 27.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedJun 22
Latest updateMay 13

Description

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntugnu/binutils< 2.30-21ubuntu1~18.04.3+1
NVDgnu/binutils2.30

🔴Vulnerability Details

3
GHSA
GHSA-4cqc-25m3-f64g: An issue was discovered in arm_pt in cplus-dem2022-05-13
CVEList
CVE-2018-12641: An issue was discovered in arm_pt in cplus-dem2018-06-22
OSV
CVE-2018-12641: An issue was discovered in arm_pt in cplus-dem2018-06-22

📋Vendor Advisories

4
Ubuntu
GNU binutils vulnerabilities2021-07-21
Ubuntu
GNU binutils vulnerabilities2020-04-22
Ubuntu
libiberty vulnerabilities2020-04-08
Red Hat
binutils: Stack Exhaustion in the demangling functions provided by libiberty2018-04-13

💬Community

4
Bugzilla
CVE-2018-12641 mingw-binutils: binutils: Stack Exhaustion in the demangling functions provided by libiberty [epel-all]2018-06-22
Bugzilla
CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty [fedora-all]2018-06-22
Bugzilla
CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty2018-06-22
Bugzilla
CVE-2018-12641 mingw-binutils: binutils: Stack Exhaustion in the demangling functions provided by libiberty [fedora-all]2018-06-22
CVE-2018-12641 — Uncontrolled Resource Consumption | cvebase