Bug 2071728 (CVE-2022-27943) - CVE-2022-27943 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
Summary: CVE-2022-27943 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows sta...
Keywords:
Status: NEW
Alias: CVE-2022-27943
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2071729 2071730 2071731 2106529 2106531 2106532 2106533 2106534 2106535 2106843 2106844
Blocks: 2071732
TreeView+ depends on / blocked
 
Reported: 2022-04-04 15:54 UTC by Vipul Nair
Modified: 2023-07-09 12:57 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Vipul Nair 2022-04-04 15:54:16 UTC
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
https://sourceware.org/bugzilla/show_bug.cgi?id=28995

Comment 1 Vipul Nair 2022-04-04 15:54:54 UTC
Created gcc tracking bugs for this issue:

Affects: fedora-34 [bug 2071729]

Comment 2 Vipul Nair 2022-04-04 15:57:22 UTC
Created gcc tracking bugs for this issue:

Affects: fedora-all [bug 2071730]


Created mingw-gcc tracking bugs for this issue:

Affects: fedora-all [bug 2071731]


Note You need to log in before you can comment on or make changes to this bug.