Bug 1635082 (CVE-2018-17794) - CVE-2018-17794 binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input
Summary: CVE-2018-17794 binutils: NULL pointer dereference in libiberty/cplus-dem.c:wo...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-17794
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1635083 1635084 1635085 1635086 1635087 1649719 1650474 1650475
Blocks: 1635088 1647427
 
Reported: 2018-10-02 04:42 UTC by Sam Fowler
Modified: 2021-10-25 22:19 UTC (History)
CC List: 20 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-25 22:19:11 UTC
Embargoed:



Description Sam Fowler 2018-10-02 04:42:48 UTC
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.


Upstream Bug:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350

Comment 1 Sam Fowler 2018-10-02 04:43:53 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1635083]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1635085]
Affects: fedora-all [bug 1635084]

Comment 8 Trupti Pardeshi 2020-05-27 09:21:24 UTC
Hi,

It looks like the CVEs mentioned below are related:
CVE-2018-18700
CVE-2018-18701
CVE-2018-17985
CVE-2018-17794
CVE-2018-18484

All of these CVEs' Red Hat bugs are in the open state (i.e. NEW state).

Can someone please help me find out whether GCC on RHEL 5 and RHEL 6 is affected by the above-mentioned CVEs? If yes, in which version of GCC for RHEL 5 and RHEL 6 will a fix be provided?

Any heads-up is much appreciated.

Thanks in advance.

Best Regards,

Comment 9 Nick Clifton 2020-05-27 10:03:03 UTC
(In reply to Trupti Pardeshi from comment #8)

> It looks like the CVEs mentioned below are related:

Indeed, they are.

> Can someone please help me find out whether GCC on RHEL 5 and RHEL 6 is
> affected by the above-mentioned CVEs?

Yes.  Although to be clear the problem is in the name demangling code which is part of the libiberty library.  This library is part of the GCC distribution, although the name demangling code is only rarely used (generally only when printing out informative messages).  The bug does not affect the actual compilation of code.  The libiberty library however is used by the binutils package as well, and this package does make more use of the name demangling features.  In particular one program supplied by the package - cxxfilt - is expressly intended to take mangled names and convert them into their demangled forms.  Therefore the binutils packages supplied with RHEL 5 and RHEL 6 are also affected.

> If yes, in which version of GCC for RHEL 5 and RHEL 6 will a fix be
> provided?

Currently there are no plans to provide such a fix.  The problem only manifests if a tool, e.g. cxxfilt, is asked to demangle a specially crafted, malformed name.  Properly mangled names, such as those generated by G++ or other compilers, will not trigger the problem.

Also it should be noted that the problem is fixed in the Developer Toolset 9 version of the binutils which is available for RHEL 6.

I hope that this information helps.
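The practical check that follows from Nick's comment, as an added example that is not part of this bug report, of binutils or of libiberty: feed a demangler binary a known-good mangled name and a set of malformed ones, and tell apart a clean rejection (c++filt exits 0 and echoes the input unchanged) from a process crash (killed by SIGSEGV/SIGBUS/SIGABRT). It assumes the demangler under test is `c++filt` on PATH (the binutils program Nick refers to as cxxfilt); the malformed samples are constructed for illustration and are not the crafted input from the upstream report. Because nm -C, objdump -C and cxxfilt all go through the same libiberty demangler, a crash found this way applies to all of them.

```python
"""Crash-check harness for a demangler binary.

Added example for this bug report; not code from binutils, libiberty or the
report itself. Assumption: the demangler under test is the `c++filt` program
on PATH. The malformed samples below are constructed for illustration and are
NOT the crafted input from the upstream report.
"""
import shutil
import signal
import subprocess
from typing import Dict, Optional, Tuple

# A properly mangled Itanium C++ ABI name, as G++ emits it, and its expected
# demangled form. Per the comment above, names like this never trigger the bug.
GOOD_NAME = "_ZN3foo3barEv"
EXPECTED_DEMANGLED = "foo::bar()"

# Constructed malformed encodings (truncated nested names, dangling
# substitutions). Illustrative only; none is the CVE-2018-17794 trigger.
MALFORMED_SAMPLES = [
    "_ZN",                      # nested-name opener with no components
    "_Z" + "N" * 64,            # nested-name openers never closed
    "_ZS_",                     # substitution with nothing to substitute
    "_ZN3fooE" + "S0_" * 16,    # repeated forward substitution references
]

# Signals a NULL-pointer dereference or a sanitizer abort produces; looked up
# by name so the harness also loads on platforms lacking one of them.
CRASH_SIGNALS = {
    int(s) for s in (getattr(signal, n, None) for n in ("SIGSEGV", "SIGBUS", "SIGABRT"))
    if s is not None
}


def classify(returncode: Optional[int], timed_out: bool) -> str:
    """Map one subprocess outcome to 'ok', 'error', 'crash' or 'timeout'.

    subprocess reports a child killed by signal N as returncode -N, which is
    how a crash inside the demangler is visible from outside.
    """
    if timed_out:
        return "timeout"
    if returncode is None:
        return "error"
    if returncode < 0 and -returncode in CRASH_SIGNALS:
        return "crash"
    return "ok" if returncode == 0 else "error"


def demangle(name: str, timeout_s: float = 5.0) -> Tuple[Optional[str], str]:
    """Feed one name to c++filt; return (stdout text, status).

    status is the classify() result, 'no-demangler' if c++filt is absent, or
    'unchanged' when c++filt exited cleanly but echoed the input back, which
    is how it reports a name it could not demangle.
    """
    exe = shutil.which("c++filt")
    if exe is None:
        return None, "no-demangler"
    try:
        proc = subprocess.run([exe], input=name + "\n", capture_output=True,
                              text=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return None, "timeout"
    status = classify(proc.returncode, False)
    out = proc.stdout.strip()
    if status == "ok" and out == name:
        status = "unchanged"
    return out, status


def scan(names=MALFORMED_SAMPLES) -> Dict[str, str]:
    """Run every sample through the demangler and collect one status per name."""
    return {n: demangle(n)[1] for n in names}


if __name__ == "__main__":
    out, status = demangle(GOOD_NAME)
    print(f"{GOOD_NAME} -> {out!r} [{status}]")
    for n, s in scan().items():
        print(f"{n[:24]:<24} [{s}]")
```

Any sample that comes back as `crash` or `timeout` is worth a bug report; `unchanged` is the demangler correctly refusing malformed input and is the result you want from a fixed build.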

Comment 10 Trupti Pardeshi 2020-05-27 11:05:04 UTC
(In reply to Nick Clifton from comment #9)
> (In reply to Trupti Pardeshi from comment #8)
> 
> > It looks like the CVEs mentioned below are related:
> 
> Indeed, they are.
> 
> > Can someone please help me find out whether GCC on RHEL 5 and RHEL 6 is
> > affected by the above-mentioned CVEs?
> 
> Yes.  Although to be clear the problem is in the name demangling code which
> is part of the libiberty library.  This library is part of the GCC
> distribution, although the name demangling code is only rarely used
> (generally only when printing out informative messages).  The bug does not
> affect the actual compilation of code.  The libiberty library however is
> used by the binutils package as well, and this package does make more use of
> the name demangling features.  In particular one program supplied by the
> package - cxxfilt - is expressly intended to take mangled names and convert
> them into their demangled forms.  Therefore the binutils packages supplied
> with RHEL 5 and RHEL 6 are also affected.
> 
> > If yes, in which version of GCC for RHEL 5 and RHEL 6 will a fix be
> > provided?
> 
> Currently there are no plans to provide such a fix.  The problem only
> manifests if a tool, e.g. cxxfilt, is asked to demangle a specially crafted,
> malformed name.  Properly mangled names, such as those generated by G++ or
> other compilers, will not trigger the problem.
> 
> Also it should be noted that the problem is fixed in the Developer Toolset 9
> version of the binutils which is available for RHEL 6.
> 
> I hope that this information helps.

Thank you so much Nick for prompt and clear reply.

