CVE-2018-12698 - demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attac

CVE-2018-12698

Summary

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

References

Vulnerable Configurations

cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	104539
gentoo	GLSA-201908-01
misc	https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 https://sourceware.org/bugzilla/show_bug.cgi?id=23057
ubuntu	USN-4326-1 USN-4336-1

Last major update

03-10-2019 - 00:03

Published

23-06-2018 - 23:29

Last modified

03-10-2019 - 00:03