Bug 2223860 (CVE-2021-32256)

Summary: CVE-2021-32256 binutils: stack-overflow issue in demangle_type in rust-demangle.c.
Product: [Other] Security Response Reporter: Vipul Nair <vinair>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ailan, desktop-qa-list, fweimer, gdb-bugs, keiths, mcermak, mpolacek, mprchlik, nickc, ohudlick, rjones, sipoyare, virt-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-09-29 11:33:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2223864, 2223865, 2223866, 2223867, 2223868, 2223869, 2223870, 2223871, 2223872, 2223873, 2223874, 2223875, 2223876, 2223877, 2223878, 2223879, 2223880, 2223903, 2223904, 2223905, 2223906, 2229054, 2229055, 2229056, 2229057    
Bug Blocks: 2223887    

Description Vipul Nair 2023-07-19 07:13:26 UTC 
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070
Comment 4 Nick Clifton 2023-07-19 09:41:50 UTC 
Notes:

  1. The bug is only triggered by attempting to demangle a deliberately malformed string.  Properly mangled strings produced by the Rust compiler - or other language compilers - will not trigger this bug.  Therefore it is unlikely to ever be encountered by most users.

  2. This bug, or a similar one, was reported upstream in the GCC bugzilla system and fixed there.  The fix was included in the binutils 2.38 release.  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039

  3. The bug triggers a stack exhaustion effect, but not a privilege escalation effect.  As such it might conceivably be used a part of a denial of service attack, or to conceal other malicious code in a binary, but that is about it.

  4. According to the GNU Binutils' SECURITY.txt document, this bug would not qualify as a security bug - or a CVE - since it cannot threaten the security of a system.
Comment 5 Dhananjay Arunesh 2023-08-04 05:19:11 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2229054]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2229055]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2229056]
Comment 7 Keith Seitz 2023-09-01 12:41:32 UTC 
Given Nick's analysis of the bug, does this REALLY qualify as "medium"
severity? Can we dispute this?