CVE-2021-3826

CWE-119Buffer OverflowCWE-787Out-of-bounds Write6 documents6 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 31.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fedoraproject FedoraGNU GCC
Timeline
PublishedSep 1
Latest updateSep 2

Description

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

Debianlibiberty< 20220713-1+2
Debianbinutils< 2.37.50.20220121-1+2
CVEListV5gccgcc 11.2.0
NVDgnu/gcc11.2

Also affects: Fedora 35, 36, 37

Patches

Patch: gcc.gnu.orgPatch: gcc.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-88rg-m78j-x8xw: Heap/stack buffer overflow in the dlang_lname function in d-demangle2022-09-02
OSV
CVE-2021-3826: Heap/stack buffer overflow in the dlang_lname function in d-demangle2022-09-01
CVEList
CVE-2021-3826: Heap/stack buffer overflow in the dlang_lname function in d-demangle2022-09-01

📋Vendor Advisories

2
Red Hat
libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c2021-09-22
Debian
CVE-2021-3826: binutils - Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libibe...2021
CVE-2021-3826 (MEDIUM CVSS 6.5) | Heap/stack buffer overflow in the d | cvebase.io