1595419 – (CVE-2018-12698) CVE-2018-12698 binutils: excessive memory consumption in demangle_template in cplus-dem.c

Bug 1595419 (CVE-2018-12698) - CVE-2018-12698 binutils: excessive memory consumption in demangle_template in cplus-dem.c

Summary: CVE-2018-12698 binutils: excessive memory consumption in demangle_template in...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2018-12698
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1595423 1595424 1595425 1595426 1600233 1600234
Blocks:	1595443
TreeView+	depends on / blocked

Reported:	2018-06-26 21:49 UTC by Laura Pardo
Modified:	2019-09-29 14:42 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-06-10 10:30:26 UTC
Embargoed:

Attachments	(Terms of Use)

Description Laura Pardo 2018-06-26 21:49:38 UTC

A flaw was found in demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This vulnerability allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call.


References:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 	
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 	
https://sourceware.org/bugzilla/show_bug.cgi?id=23057

Comment 1 Laura Pardo 2018-06-26 21:53:53 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1595425]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1595424]
Affects: fedora-all [bug 1595423]

Note You need to log in before you can comment on or make changes to this bug.