CVE-2018-12698: Uncontrolled Resource Consumption in Binutils

Severity: 7.5 HIGH (NVD)
EPSS: 1.9% (top 16.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 23; latest update May 13

Description

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: gnu/binutils < 2.32.51.20190707-1+3
NVD: gnu/binutils 2.30

Also affects: Ubuntu Linux 16.04.4

🔴 Vulnerability Details (3)

GHSA: GHSA-3xpc-qj75-hw9m: demangle_template in cplus-dem (2022-05-13)
OSV: CVE-2018-12698: demangle_template in cplus-dem (2018-06-23)
CVEList: CVE-2018-12698: demangle_template in cplus-dem (2018-06-23)

📋 Vendor Advisories (6)

Ubuntu: GNU binutils vulnerabilities (2021-07-21)
Ubuntu: GNU binutils vulnerabilities (2020-04-22)
Ubuntu: libiberty vulnerabilities (2020-04-08)
Red Hat: libiberty: Memory leak in demangle_template function resulting in a denial of service (2018-12-18)
Red Hat: binutils: excessive memory consumption in demangle_template in cplus-dem.c (2018-04-11)

💬 Community (4)

Bugzilla: CVE-2018-12698 binutils: excessive memory consumption in demangle_template in cplus-dem.c [fedora-all] (2018-06-26)
Bugzilla: CVE-2018-12698 mingw-binutils: binutils: excessive memory consumption in demangle_template in cplus-dem.c [epel-all] (2018-06-26)
Bugzilla: CVE-2018-12698 mingw-binutils: binutils: excessive memory consumption in demangle_template in cplus-dem.c [fedora-all] (2018-06-26)
Bugzilla: CVE-2018-12698 binutils: excessive memory consumption in demangle_template in cplus-dem.c (2018-06-26)