CVE-2018-18700Infinite Loop in Binutils

CWE-835Infinite LoopCWE-400Uncontrolled Resource Consumption13 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 29.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedOct 29
Latest updateMay 13

Description

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/binutils< 2.32.51.20190707-1+3
NVDgnu/binutils2.31

🔴Vulnerability Details

3
GHSA
GHSA-wgw9-xp6q-63v8: An issue was discovered in cp-demangle2022-05-13
OSV
CVE-2018-18700: An issue was discovered in cp-demangle2018-10-29
CVEList
CVE-2018-18700: An issue was discovered in cp-demangle2018-10-27

📋Vendor Advisories

5
Ubuntu
GNU binutils vulnerabilities2021-07-21
Ubuntu
GNU binutils vulnerabilities2020-04-22
Ubuntu
libiberty vulnerabilities2020-04-08
Red Hat
binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c2018-10-22
Debian
CVE-2018-18700: binutils - An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU...2018

💬Community

4
Bugzilla
CVE-2018-18700 binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c [fedora-all]2018-11-05
Bugzilla
CVE-2018-18700 mingw-binutils: binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c [epel-all]2018-11-05
Bugzilla
CVE-2018-18700 binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c2018-11-05
Bugzilla
CVE-2018-17794 binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input2018-10-02
CVE-2018-18700 — Infinite Loop in GNU Binutils | cvebase