Bug 1595419 (CVE-2018-12698) - CVE-2018-12698 binutils: excessive memory consumption in demangle_template in cplus-dem.c
Summary: CVE-2018-12698 binutils: excessive memory consumption in demangle_template in...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-12698
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1595425 1595423 1595424 1595426 1600233 1600234
Blocks: 1595443
Reported: 2018-06-26 21:49 UTC by Laura Pardo
Modified: 2019-09-29 14:42 UTC

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:30:26 UTC

Description Laura Pardo 2018-06-26 21:49:38 UTC
A flaw was found in demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This vulnerability allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call.


References:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
https://sourceware.org/bugzilla/show_bug.cgi?id=23057

Comment 1 Laura Pardo 2018-06-26 21:53:53 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1595425]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1595424]
Affects: fedora-all [bug 1595423]

