CVE-2018-18701

Updated: 2023-11-04 20:02:39.390396

Description:

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4.3
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS binutils 2.20 5.5 MEDIUM Released CLSA-2022:1641904053 2022-05-05 12:04:14
CloudLinux 6 ELS binutils 2.20 5.5 MEDIUM Released CLSA-2021:1640790752 2022-01-11 09:49:22
Oracle Linux 6 ELS binutils 2.20 5.5 MEDIUM Released CLSA-2021:1640790635 2021-12-29 11:08:02
Ubuntu 16.04 ELS binutils 2.26 5.5 MEDIUM Released CLSA-2021:1635459139 2021-12-16 10:40:05