Bug 1645957 (CVE-2018-18483) - CVE-2018-18483 binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-18483
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1645961 1645963 1645965 1645966 1650333 1653849 1654027
Blocks: 1647427
Reported: 2018-11-05 05:14 UTC by Sam Fowler
Modified: 2021-10-25 22:21 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-25 22:21:19 UTC
Embargoed:



Description Sam Fowler 2018-11-05 05:14:31 UTC
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.


Upstream Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
https://sourceware.org/bugzilla/show_bug.cgi?id=23767

Comment 1 Sam Fowler 2018-11-05 05:20:28 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1645961]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1645963]

Comment 4 Scott Gayou 2018-11-15 21:19:50 UTC
Trivial to reproduce, binutils220 does not package c++filt.

Comment 9 Trupti Pardeshi 2020-05-27 09:13:27 UTC
Can someone please help me know whether GCC of RHEL 5 and RHEL 6 is affected by this issue? If yes, in which version of GCC for RHEL 5 and RHEL 6 will a fix be provided?

Any heads-up is much appreciated.

Thanks in advance.

Best Regards,

Comment 10 Nick Clifton 2020-05-27 10:10:59 UTC
(In reply to Trupti Pardeshi from comment #9)
> Can someone please help to know whether GCC of RHEL 5 and RHEL 6 are
> affected by this issue?

Yes they are. (Although to be clear it is the binutils packages for RHEL 5 and RHEL 6 which are most affected by the problem, even though the bug is in the libiberty library which is part of the GCC project).

> If yes, whether fix will be provided in which
> version of GCC for RHEL 5 and RHEL 6?

Currently there are no plans to provide a fix for this CVE.

Since the problem only manifests in 32-bit environments, and only when asked to demangle a specially created, corrupt name, there does not appear to be a pressing need to create a fix for this problem.
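
An added example, not part of the original report or of libiberty's code: a C sketch of the bug class that the description and comment 10 refer to, where a decimal count parsed from an untrusted string is later used to size an allocation. The function names and the `size_max` parameter (used to model a 32-bit `size_t` on any host) are assumptions, as is the step where the count is multiplied by an element size; the page does not show the affected code.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not libiberty's get_count): parse decimal digits at *s
   into *count and advance *s. Returns 0 if no digit is present or the value
   would exceed INT_MAX, instead of letting the accumulator overflow. */
static int parse_count_checked(const char **s, int *count)
{
    const char *p = *s;
    int n = 0;

    if (*p < '0' || *p > '9')
        return 0;
    for (; *p >= '0' && *p <= '9'; p++) {
        int d = *p - '0';
        if (n > (INT_MAX - d) / 10)   /* n * 10 + d would overflow */
            return 0;
        n = n * 10 + d;
    }
    *s = p;
    *count = n;
    return 1;
}

/* Compute count * elem_size for an allocation, refusing results that do not
   fit in a size_t whose maximum is size_max (UINT32_MAX models a 32-bit
   target, SIZE_MAX the host). Returns 1 and stores the size on success. */
static int array_bytes_checked(int count, size_t elem_size, size_t size_max,
                               size_t *bytes)
{
    if (count < 0 || elem_size == 0 || (size_t)count > size_max / elem_size)
        return 0;
    *bytes = (size_t)count * elem_size;
    return 1;
}

int main(void)
{
    const char *name = "1073741824rest";   /* constructed input: 2^30 */
    int count = 0;
    size_t bytes = 0;
    if (!parse_count_checked(&name, &count))
        return 1;
    int m32 = array_bytes_checked(count, 4, UINT32_MAX, &bytes);
    int host = array_bytes_checked(count, sizeof(void *), SIZE_MAX, &bytes);
    printf("32-bit model: %s, host: %s\n", m32 ? "ok" : "rejected", host ? "ok" : "rejected");
    return 0;
}
```

The same count that fits comfortably in an `int` is rejected under the 32-bit model because 2^30 four-byte elements wrap a 32-bit `size_t` to zero, which is the kind of environment-dependent behaviour comment 10 describes.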

Comment 11 Trupti Pardeshi 2020-05-27 11:04:17 UTC
(In reply to Nick Clifton from comment #10)
> (In reply to Trupti Pardeshi from comment #9)
> > Can someone please help to know whether GCC of RHEL 5 and RHEL 6 are
> > affected by this issue?
> 
> Yes they are. (Although to be clear it is the binutils packages for RHEL 5
> and RHEL 6 which are most affected by the problem, even though the bug is in
> the libiberty library which is part of the GCC project).
> 
> > If yes, whether fix will be provided in which
> > version of GCC for RHEL 5 and RHEL 6?
> 
> Currently there are no plans to provide a fix for this CVE.
> 
> Since the problem only manifests in 32-bit environments, and only when asked
> to demangle a specially created, corrupt name, there does not appear to be a
> pressing need to create a fix for this problem.

Thank you so much, Nick, for the prompt and clear reply.

