Bug 2046300 (CVE-2021-46195)

Summary: CVE-2021-46195 gcc: uncontrolled recursion in libiberty/rust-demangle.c
Product: [Other] Security Response
Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: ahajkova, ailan, aoliva, dmalcolm, erik-fedora, fweimer, jakub, jwakely, klember, ktietz, law, manisandro, mcermak, mnewsome, mpolacek, mprchlik, msebor, nickc, ohudlick, rjones, sipoyare, virt-maint
Keywords: Security
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text:
A flaw was discovered in the GNU libiberty library within the demangle_path() function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash.
Last Closed: 2022-12-05 02:23:37 UTC
Bug Depends On: 2054887, 2054888, 2054889, 2054890, 2055050, 2055051
Bug Blocks: 2046209

Description Mauro Matteo Cascella 2022-01-26 14:36:14 UTC
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

References:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98886
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
https://nvd.nist.gov/vuln/detail/CVE-2021-46195
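
An added illustration of the bug class described above and a common mitigation, a nesting-depth counter in a recursive-descent parser. This is not libiberty code and not the upstream patch; the toy grammar, MAX_DEPTH and all function names are assumptions made for the example.

```c
#include <string.h>

#define MAX_DEPTH 256   /* assumed limit for this example, not a libiberty value */
struct parser {
  const char *sym;      /* NUL-terminated toy symbol */
  size_t pos;           /* next byte to consume */
  unsigned depth;       /* current nesting of parse_path() calls */
  int errored;          /* sticky failure flag */
};

/* Toy grammar: path := 'a'..'z' | 'N' path path | 'I' path path* 'E' */
static void parse_path(struct parser *p)
{
  char c = p->sym[p->pos];
  if (p->errored) return;
  if (++p->depth > MAX_DEPTH) {
    p->errored = 1;     /* the guard: reject instead of recursing further */
  } else if (c >= 'a' && c <= 'z') {
    p->pos++;
  } else if (c == 'N') {
    p->pos++;
    parse_path(p);
    parse_path(p);
  } else if (c == 'I') {
    p->pos++;
    parse_path(p);
    while (!p->errored && p->sym[p->pos] != 'E')
      parse_path(p);
    if (!p->errored) p->pos++;   /* consume the closing 'E' */
  } else {
    p->errored = 1;     /* unknown tag or unexpected end of input */
  }
  p->depth--;
}

/* Returns 1 if the whole symbol parses within MAX_DEPTH, 0 otherwise. */
int check_symbol(const char *sym)
{
  struct parser p = { sym, 0, 0, 0 };
  parse_path(&p);
  return !p.errored && sym[p.pos] == '\0';
}

int main(void)
{
  static char deep[100001];
  memset(deep, 'N', sizeof deep - 1);   /* constructed input: nesting tags only */
  return check_symbol("INabcE") == 1 && check_symbol(deep) == 0 ? 0 : 1;
}
```

Without the depth check, each nesting tag in the input costs one stack frame, so stack use is bounded only by the length of the symbol; with it, parsing stops at a fixed depth and the symbol is reported as invalid.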

Comment 1 Nick Clifton 2022-01-26 15:34:52 UTC
Note - a patch to fix this bug has been proposed here:

  https://gcc.gnu.org/pipermail/gcc-patches/2022-January/589277.html

Also note that although this CVE refers to GCC, the problem also affects the Binutils packages.

The severity of the CVE might be to high however.  The problem is only triggered when deliberately corrupt input is passed to a tool that attempts to demangle symbol names.  Normal users should never encounter this problem.

Comment 2 Nick Clifton 2022-01-26 16:08:14 UTC
Sorry, I meant ..."might be too high"...

Comment 3 Mauro Matteo Cascella 2022-02-15 17:49:11 UTC
Thanks Nick, I lowered the severity of the flaw as per your previous comment.

Comment 4 Mauro Matteo Cascella 2022-02-15 20:59:37 UTC
Upstream commit:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab

Comment 6 Mauro Matteo Cascella 2022-02-15 22:08:01 UTC
Created gcc tracking bugs for this issue:

Affects: fedora-all [bug 2054887]


Created mingw-gcc tracking bugs for this issue:

Affects: fedora-all [bug 2054888]

Comment 11 errata-xmlrpc 2022-11-15 11:09:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8415 https://access.redhat.com/errata/RHSA-2022:8415

Comment 12 Product Security DevOps Team 2022-12-05 02:23:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-46195