CVE-2018-9138: Uncontrolled Recursion in Binutils

Severity
5.5 MEDIUM (NVD)
EPSS
0.3%
top 46.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 30
Latest update: May 13

Description

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

Debian: gnu/binutils < 2.32.51.20190707-1 +3
NVD: gnu/binutils 2.29, 2.30 +1

🔴 Vulnerability Details (3)

GHSA
GHSA-cwff-w289-23wm: An issue was discovered in cplus-dem (2022-05-13)
OSV
CVE-2018-9138: An issue was discovered in cplus-dem (2018-03-30)
CVEList
CVE-2018-9138: An issue was discovered in cplus-dem (2018-03-30)

📋 Vendor Advisories (5)

Ubuntu
GNU binutils vulnerabilities (2021-07-21)
Ubuntu
GNU binutils vulnerabilities (2020-04-22)
Ubuntu
libiberty vulnerabilities (2020-04-08)
Red Hat
binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty (2018-03-27)
Debian
CVE-2018-9138: binutils - An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU B... (2018)

💬 Community (4)

Bugzilla
CVE-2018-9138 binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty [fedora-all] (2018-04-05)
Bugzilla
CVE-2018-9138 mingw-binutils: binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty [fedora-all] (2018-04-05)
Bugzilla
CVE-2018-9138 binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty (2018-04-05)
Bugzilla
CVE-2018-9138 mingw-binutils: binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty [epel-all] (2018-04-05)