An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070
Notes: 1. The bug is only triggered by attempting to demangle a deliberately malformed string. Properly mangled strings produced by the Rust compiler - or other language compilers - will not trigger this bug. Therefore it is unlikely to ever be encountered by most users. 2. This bug, or a similar one, was reported upstream in the GCC bugzilla system and fixed there. The fix was included in the binutils 2.38 release. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 3. The bug triggers a stack exhaustion effect, but not a privilege escalation effect. As such it might conceivably be used a part of a denial of service attack, or to conceal other malicious code in a binary, but that is about it. 4. According to the GNU Binutils' SECURITY.txt document, this bug would not qualify as a security bug - or a CVE - since it cannot threaten the security of a system.
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 2229054] Created gdb tracking bugs for this issue: Affects: fedora-all [bug 2229055] Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 2229056]
Given Nick's analysis of the bug, does this REALLY qualify as "medium" severity? Can we dispute this?