The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Upstream Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
https://sourceware.org/bugzilla/show_bug.cgi?id=23767
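The bug class described above (a decimal count parsed out of an attacker-supplied string, accumulated without an overflow check, then used to size a malloc) is easy to see in isolation. The following is an added example, not the libiberty or c++filt code and not the upstream fix: it pairs a get_count-style parser that wraps silently with a checked variant that rejects a count that does not fit, and guards the count-times-element-size multiplication before calling malloc. The accumulator is a uint32_t rather than the signed int the real demangler uses, so that the wrap is well-defined behaviour for the demonstration; the crafted input ("4294967301_", one more than 2^32 plus 4) and the "_" terminator convention are constructed for this example and are not the real mangled name from the upstream reports.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive count parser in the style of a demangler's get_count: reads
   decimal digits up to a '_' terminator (assumed convention for this
   example) and accumulates them without any range check. With a 32-bit
   accumulator, "4294967301_" wraps to 5. */
int parse_count_naive(const char **s, uint32_t *count)
{
    const char *p = *s;
    uint32_t n = 0;

    if (!isdigit((unsigned char)*p))
        return 0;
    while (isdigit((unsigned char)*p)) {
        n = n * 10u + (uint32_t)(*p - '0');   /* wraps silently */
        p++;
    }
    if (*p != '_')
        return 0;
    *s = p + 1;
    *count = n;
    return 1;
}

/* Checked variant: before each step, verify that n*10 + d still fits.
   Returns 0 (reject the name) instead of handing back a wrapped value. */
int parse_count_checked(const char **s, uint32_t *count)
{
    const char *p = *s;
    uint32_t n = 0;

    if (!isdigit((unsigned char)*p))
        return 0;
    while (isdigit((unsigned char)*p)) {
        uint32_t d = (uint32_t)(*p - '0');
        if (n > (UINT32_MAX - d) / 10u)
            return 0;                         /* would overflow */
        n = n * 10u + d;
        p++;
    }
    if (*p != '_')
        return 0;
    *s = p + 1;
    *count = n;
    return 1;
}

/* Size of a table of `count` entries of `elem` bytes each, with the
   multiplication guarded. Returns 0 and leaves *out untouched on overflow. */
int table_bytes(uint32_t count, size_t elem, size_t *out)
{
    if (count != 0 && elem > SIZE_MAX / count)
        return 0;
    *out = (size_t)count * elem;
    return 1;
}

/* Hardened end-to-end path: parse the count, size the table, allocate.
   Any failure yields NULL rather than a malloc of a nonsense size. */
void *alloc_table(const char *spec, size_t elem)
{
    uint32_t count;
    size_t bytes;

    if (!parse_count_checked(&spec, &count))
        return NULL;
    if (!table_bytes(count, elem, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    const char *crafted = "4294967301_";  /* constructed overflow input */
    const char *s = crafted;
    uint32_t n = 0;

    if (parse_count_naive(&s, &n))
        printf("naive parse of %s yields count %u\n", crafted, n);
    s = crafted;
    printf("checked parse accepts %s: %s\n", crafted,
           parse_count_checked(&s, &n) ? "yes" : "no (rejected)");
    void *t = alloc_table("4_", sizeof(void *));
    printf("alloc_table(\"4_\") -> %s\n", t ? "allocated" : "NULL");
    free(t);
    return 0;
}
```

The check `n > (UINT32_MAX - d) / 10` is the standard way to test `n*10 + d <= UINT32_MAX` without performing the overflowing operation first; the same shape applies to the signed int of the real parser with INT_MAX in place of UINT32_MAX.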
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1645961]

Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1645963]
Trivial to reproduce; binutils220 does not package c++filt.
Can someone please help me find out whether GCC on RHEL 5 and RHEL 6 is affected by this issue? If yes, will a fix be provided, and in which version of GCC for RHEL 5 and RHEL 6? Any heads-up is much appreciated. Thanks in advance. Best regards,
(In reply to Trupti Pardeshi from comment #9)
> Can someone please help to know whether GCC of RHEL 5 and RHEL 6 are
> affected by this issue?

Yes they are. (Although to be clear it is the binutils packages for RHEL 5 and RHEL 6 which are most affected by the problem, even though the bug is in the libiberty library, which is part of the GCC project).

> If yes, whether fix will be provided in which
> version of GCC for RHEL 5 and RHEL 6?

Currently there are no plans to provide a fix for this CVE.

Since the problem only manifests in 32-bit environments, and only when asked to demangle a specially created, corrupt name, there does not appear to be a pressing need to create a fix for this problem.
(In reply to Nick Clifton from comment #10)
> (In reply to Trupti Pardeshi from comment #9)
> > Can someone please help to know whether GCC of RHEL 5 and RHEL 6 are
> > affected by this issue?
>
> Yes they are. (Although to be clear it is the binutils packages for RHEL 5
> and RHEL 6 which are most affected by the problem, even though the bug is in
> the libiberty library which part of the GCC project).
>
> > If yes, whether fix will be provided in which
> > version of GCC for RHEL 5 and RHEL 6?
>
> Currently there are no plans to provide a fix for this CVE.
>
> Since the problem only manifests in 32-bit environments, and only when asked
> to demangle a specially created, corrupt name, there does not appear to be a
> pressing need to create a fix for this problem.

Thank you so much, Nick, for the prompt and clear reply.