CVE-2018-18700

Updated: 2023-11-04 20:00:06.582104

Description:

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4.3
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS binutils 2.20 5.5 MEDIUM Released CLSA-2022:1641904053 2022-05-05 12:04:13
CloudLinux 6 ELS binutils 2.20 5.5 MEDIUM Released CLSA-2021:1640790752 2022-01-11 09:49:18
Oracle Linux 6 ELS binutils 2.20 5.5 MEDIUM Released CLSA-2021:1640790635 2021-12-29 11:07:56
Ubuntu 16.04 ELS binutils 2.26 5.5 MEDIUM Released CLSA-2021:1635459139 2021-12-16 10:40:06