Bug 1352068 - (CVE-2016-6131) CVE-2016-6131 gcc,gdb,binutils,libitm: Stack overflow vulnerability in libiberty demangler
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20160629,reported=2...
: Security
Depends On: 1352069 1352070 1352072 1352073 1352074 1352075 1352076 1352079 1352082 1352083 1352078 1352080
Blocks: 1352084
Reported: 2016-07-01 10:25 EDT by Adam Mariš
Modified: 2016-11-08 10:59 EST
Last Closed: 2016-07-04 06:16:27 EDT
Description Adam Mariš 2016-07-01 10:25:46 EDT
A stack overflow vulnerability in the libiberty demangler was found, which causes its host application to crash on a tainted branch instruction. The problem is caused by a self-reference in a mangled type string that is "remembered" for later reference. This leads to an infinite recursion during the demangling.

Upstream bug:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696

Proposed patch:

https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html

CVE assignment:

http://seclists.org/oss-sec/2016/q2/633
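
The failure mode in the description and the usual guard against it, as an added example (not libiberty code and not the proposed patch): a toy resolver marks each remembered type as busy while it is being expanded and rejects any back-reference into a busy type, so a self-referencing entry returns an error instead of recursing without bound. The `T`+digit notation, `struct demangler` and `expand_from` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy model (assumption, NOT libiberty's format or code): in a remembered
   type string, 'T' plus one digit means "expand remembered type <digit>". */
#define MAX_TYPES 10

struct demangler {
    const char **types;        /* remembered type strings */
    int ntypes;
    char busy[MAX_TYPES];      /* 1 while that type is being expanded */
};

/* Append the expansion of type idx to out; 0 on success, -1 on bad input. */
static int expand_type(struct demangler *d, int idx, char *out, size_t cap)
{
    int rc = 0;
    if (idx < 0 || idx >= d->ntypes || d->busy[idx])
        return -1;             /* unknown type, or reference into an open one */
    d->busy[idx] = 1;
    for (const char *p = d->types[idx]; *p; p++) {
        size_t n = strlen(out);
        if (*p == 'T') {
            if (p[1] < '0' || p[1] > '9') { rc = -1; break; }
            rc = expand_type(d, *++p - '0', out, cap);  /* consumes the digit */
            if (rc != 0) break;
        } else if (n + 1 < cap) {
            out[n] = *p; out[n + 1] = '\0';
        } else { rc = -1; break; }                      /* output too long */
    }
    d->busy[idx] = 0;          /* a type may be reused once it is closed */
    return rc;
}

/* Hypothetical entry point: expand types[idx] (of n remembered types). */
int expand_from(const char **types, int n, int idx, char *out, size_t cap)
{
    struct demangler d = { types, n > MAX_TYPES ? MAX_TYPES : n, {0} };
    if (cap == 0) return -1;
    out[0] = '\0';
    return expand_type(&d, idx, out, cap);
}

int main(void)
{
    char buf[64];
    const char *cyc[] = { "PT0" };  /* constructed: type 0 refers to itself */
    printf("self-reference -> %d\n", expand_from(cyc, 1, 0, buf, sizeof buf));
}
```

Because a busy type can never be re-entered, recursion depth is bounded by the number of remembered types, while repeated non-cyclic references still expand normally.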
Comment 1 Adam Mariš 2016-07-01 10:28:23 EDT
Created gcc tracking bugs for this issue:

Affects: fedora-all [bug 1352076]
Comment 2 Adam Mariš 2016-07-01 10:28:39 EDT
Created mingw-gdb tracking bugs for this issue:

Affects: fedora-all [bug 1352074]
Affects: epel-7 [bug 1352075]
Comment 3 Adam Mariš 2016-07-01 10:28:48 EDT
Created compat-gcc-296 tracking bugs for this issue:

Affects: fedora-all [bug 1352072]
Comment 4 Adam Mariš 2016-07-01 10:28:57 EDT
Created compat-gcc-34 tracking bugs for this issue:

Affects: fedora-all [bug 1352070]
Comment 5 Adam Mariš 2016-07-01 10:29:06 EDT
Created compat-gcc-32 tracking bugs for this issue:

Affects: fedora-all [bug 1352069]
Comment 6 Adam Mariš 2016-07-01 10:29:14 EDT
Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 1352073]
Comment 7 Adam Mariš 2016-07-01 10:29:22 EDT
Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1352082]
Affects: epel-all [bug 1352083]
Comment 8 Adam Mariš 2016-07-01 10:29:31 EDT
Created mingw-gcc tracking bugs for this issue:

Affects: fedora-all [bug 1352078]
Affects: epel-all [bug 1352079]
Comment 9 Adam Mariš 2016-07-01 10:29:40 EDT
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1352080]
Comment 10 Jan Kratochvil 2016-07-03 03:14:39 EDT
Why is this issue filed as a security bug?  This is an infinite recursion which leads to a stack overflow which leads only to a DoS.  No remote code execution is possible.  This is not a stack-based buffer overflow.

At least for GDB there are many known bugs that make it crash on specially crafted binaries, but that is still not a security vulnerability.
Comment 11 Stefan Cornelius 2016-07-04 06:07:22 EDT
I agree with comment #10, I don't think that a stack overflow qualifies as a security issue in this context. I can't think of a realistic scenario where this would cross any privilege boundaries or have any real impact on system security as a whole.
