A stack overflow vulnerability was found in the libiberty demangler which causes its host application to crash on a tainted branch instruction. The problem is caused by a self-reference in a mangled type string that is "remembered" for later reference, which leads to infinite recursion during demangling.
Upstream bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
Proposed patch: https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html
CVE assignment: http://seclists.org/oss-sec/2016/q2/633
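The self-reference described above, as an added illustration that is neither libiberty's code nor the proposed patch: a constructed model of a component graph in which a "remembered" reference (REF) can point back at the component that contains it, and a printer that refuses to re-enter a component already on its print stack instead of recursing until the stack is exhausted. All names here (`comp`, `print_comp`, `demangle_ok`, `demangle_self_ref`) are invented for this example.

```c
#include <string.h>
/* Constructed model, not libiberty code: a demangled type is a graph of
   components.  REF stands for a "remembered" substitution that refers to
   another component by index, which is where a self-reference can enter. */
enum kind { LEAF, POINTER, REF };
struct comp {
    enum kind kind;
    const char *name;      /* LEAF: the type name */
    int target, printing;  /* POINTER/REF target index; on-stack guard */
};
static int append(char *buf, size_t cap, const char *s)
{
    if (strlen(buf) + strlen(s) >= cap)
        return -1;
    strcat(buf, s);
    return 0;
}
/* Print comp[i] into buf.  Returns 0 on success, -1 if buf is too small or
   the graph loops back to a component that is still being printed. */
static int print_comp(struct comp *c, int i, char *buf, size_t cap)
{
    struct comp *dc = &c[i];
    int rc = -1;
    if (dc->printing)      /* already on the print stack: a cycle */
        return -1;
    dc->printing = 1;
    if (dc->kind == LEAF)
        rc = append(buf, cap, dc->name);
    else if (dc->kind == POINTER)
        rc = print_comp(c, dc->target, buf, cap) == 0 ? append(buf, cap, "*") : -1;
    else if (dc->kind == REF)
        rc = print_comp(c, dc->target, buf, cap);
    dc->printing = 0;
    return rc;
}
/* Well-formed input: "int*" spelled as a pointer to a remembered "int". */
int demangle_ok(char *out, size_t cap)
{
    struct comp g[] = { { LEAF, "int", 0, 0 }, { REF, NULL, 0, 0 }, { POINTER, NULL, 1, 0 } };
    out[0] = '\0';
    return print_comp(g, 2, out, cap);
}
/* Tainted input: the remembered REF points back at the POINTER containing it,
   so an unguarded printer would never terminate. */
int demangle_self_ref(char *out, size_t cap)
{
    struct comp g[] = { { POINTER, NULL, 1, 0 }, { REF, NULL, 0, 0 } };
    out[0] = '\0';
    return print_comp(g, 0, out, cap);
}
```

Without the `printing` guard the second case recurses with no base case, which is the denial-of-service outcome the report describes.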
Created gcc tracking bugs for this issue: Affects: fedora-all [bug 1352076]
Created mingw-gdb tracking bugs for this issue: Affects: fedora-all [bug 1352074] Affects: epel-7 [bug 1352075]
Created compat-gcc-296 tracking bugs for this issue: Affects: fedora-all [bug 1352072]
Created compat-gcc-34 tracking bugs for this issue: Affects: fedora-all [bug 1352070]
Created compat-gcc-32 tracking bugs for this issue: Affects: fedora-all [bug 1352069]
Created gdb tracking bugs for this issue: Affects: fedora-all [bug 1352073]
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1352082] Affects: epel-all [bug 1352083]
Created mingw-gcc tracking bugs for this issue: Affects: fedora-all [bug 1352078] Affects: epel-all [bug 1352079]
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1352080]
Why is this issue filed as a security bug? This is an infinite recursion which leads to a stack overflow, which leads only to a DoS. No remote code execution is possible. This is not a stack-based buffer overflow. At least for GDB there are many known bugs on how to make it crash on specially crafted binaries, but that is still not a security vulnerability.
I agree with comment #10, I don't think that a stack overflow qualifies as a security issue in this context. I can't think of a realistic scenario where this would cross any privilege boundaries or have any real impact on system security as a whole.
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.