Bug 2046300 (CVE-2021-46195) - CVE-2021-46195 gcc: uncontrolled recursion in libiberty/rust-demangle.c
Summary: CVE-2021-46195 gcc: uncontrolled recursion in libiberty/rust-demangle.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-46195
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2054887 2054888 2054889 2054890 2055050 2055051
Blocks: 2046209
Reported: 2022-01-26 14:36 UTC by Mauro Matteo Cascella
Modified: 2023-02-20 10:56 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was discovered in the GNU libiberty library within the demangle_path() function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash.
Clone Of:
Environment:
Last Closed: 2022-12-05 02:23:37 UTC
Embargoed:

Links
System: Red Hat Product Errata
ID: RHSA-2022:8415
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2022-11-15 11:09:52 UTC

Description Mauro Matteo Cascella 2022-01-26 14:36:14 UTC
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

References:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98886
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
https://nvd.nist.gov/vuln/detail/CVE-2021-46195
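
The bug class described above, shown as an added example (not GCC's code and not the upstream patch): a recursive-descent parser whose nesting depth is set by its input, with a depth counter that rejects over-deep symbols before they exhaust the stack. The toy grammar, `MAX_DEPTH`, `struct parser` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy grammar constructed for this example (not Rust's mangling scheme):
 *   path := 'N' path ident | ident ;  ident := 'a'..'z' */
#define MAX_DEPTH 1024u   /* assumed cap, chosen for the example */

struct parser { const char *sym; size_t len, pos; unsigned depth; int errored; };

static int is_ident(const struct parser *p)
{
    return p->pos < p->len && p->sym[p->pos] >= 'a' && p->sym[p->pos] <= 'z';
}

static void parse_path(struct parser *p)
{
    if (++p->depth > MAX_DEPTH) {   /* bound stack use before descending */
        p->errored = 1;
        return;
    }
    if (p->pos < p->len && p->sym[p->pos] == 'N') {
        p->pos++;
        parse_path(p);              /* nesting depth comes from the input */
        if (!p->errored && is_ident(p))
            p->pos++;
        else
            p->errored = 1;
    } else if (is_ident(p)) {
        p->pos++;
    } else {
        p->errored = 1;
    }
    p->depth--;
}

/* Returns 1 if the whole input parses, 0 if it is malformed or too deep. */
int parse_symbol(const char *sym, size_t len)
{
    struct parser p = { sym, len, 0, 0, 0 };
    parse_path(&p);
    return !p.errored && p.pos == len;
}

int main(void)
{
    static char deep[100000];       /* constructed input: 100000 nested 'N' */
    memset(deep, 'N', sizeof deep);
    printf("%d %d\n", parse_symbol("NNabc", 5), parse_symbol(deep, sizeof deep));
    return 0;
}
```

Without the depth check, the second call would recurse once per input byte; with it, the parser fails closed after `MAX_DEPTH` frames regardless of input length.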

Comment 1 Nick Clifton 2022-01-26 15:34:52 UTC
Note - a patch to fix this bug has been proposed here:

  https://gcc.gnu.org/pipermail/gcc-patches/2022-January/589277.html

Also note that although this CVE refers to GCC, the problem also affects the Binutils packages.

The severity of the CVE might be to high however.  The problem is only triggered when deliberately corrupt input is passed to a tool that attempts to demangle symbol names.  Normal users should never encounter this problem.

Comment 2 Nick Clifton 2022-01-26 16:08:14 UTC
Sorry, I meant ..."might be too high"...

Comment 3 Mauro Matteo Cascella 2022-02-15 17:49:11 UTC
Thanks Nick, I lowered the severity of the flaw as per your previous comment.

Comment 4 Mauro Matteo Cascella 2022-02-15 20:59:37 UTC
Upstream commit:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab

Comment 6 Mauro Matteo Cascella 2022-02-15 22:08:01 UTC
Created gcc tracking bugs for this issue:

Affects: fedora-all [bug 2054887]


Created mingw-gcc tracking bugs for this issue:

Affects: fedora-all [bug 2054888]

Comment 11 errata-xmlrpc 2022-11-15 11:09:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8415 https://access.redhat.com/errata/RHSA-2022:8415

Comment 12 Product Security DevOps Team 2022-12-05 02:23:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-46195
