Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
Upstream fix: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505
References: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html
Thanks for the "heads-up"! insight was already OK in Fedora>=36. In F35, insight-13.0.50.20220502-1.fc35 fixes the problem: https://koji.fedoraproject.org/koji/buildinfo?buildID=2055285 currently testing pending.
FEDORA-2022-8e1df11a7a has been pushed to the Fedora 35 stable repository. If the problem still persists, please make note of it in this bug report.
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 2132594]
Created gcc tracking bugs for this issue: Affects: fedora-all [bug 2132586]
Created gdb tracking bugs for this issue: Affects: fedora-all [bug 2132595]
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 2132596]
Created mingw-gcc tracking bugs for this issue: Affects: fedora-all [bug 2132587]
Created mingw-gdb tracking bugs for this issue: Affects: fedora-all [bug 2132603]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2023:3269 https://access.redhat.com/errata/RHSA-2023:3269
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3826
This issue has been addressed in the following products: Red Hat Enterprise Linux 9
Via RHSA-2023:6372 https://access.redhat.com/errata/RHSA-2023:6372