SB2018093004 - Multiple vulnerabilities in GNU Binutils
Published: September 30, 2018 Updated: March 23, 2022
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2018-18700)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
2) Infinite loop (CVE-ID: CVE-2018-18701)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
3) Integer overflow (CVE-ID: CVE-2018-18483)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
4) Resource exhaustion (CVE-ID: CVE-2018-18484)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.
5) Resource exhaustion (CVE-ID: CVE-2018-17985)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
6) NULL pointer dereference (CVE-ID: CVE-2018-17794)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. A remote attacker can perform a denial of service (DoS) attack.
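The stack-consumption issues in items 1, 2, 4 and 5 share one pattern: a recursive-descent parser whose recursion depth is dictated by the input. The C code below is an added example, not libiberty's code and not the vendor's fix; its toy grammar, the `MAX_TYPE_DEPTH` limit and all function names are assumptions made for illustration. It shows a depth counter turning deeply nested input (such as a long run of 'P' characters) into a parse error instead of unbounded stack growth.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on nesting, chosen for this example only. */
#define MAX_TYPE_DEPTH 256

enum parse_status { PARSE_OK = 0, PARSE_BAD_INPUT = -1, PARSE_TOO_DEEP = -2 };

/* Toy grammar (constructed): type := 'P' type | 'i' | 'c'
   'P' means "pointer to". Every nested call carries its depth, so the
   stack use is bounded by MAX_TYPE_DEPTH regardless of input length. */
static enum parse_status
parse_type(const char **p, unsigned depth, unsigned *ptr_levels)
{
    if (depth > MAX_TYPE_DEPTH)
        return PARSE_TOO_DEEP;          /* refuse instead of recursing on */
    switch (**p) {
    case 'P': {
        (*p)++;
        enum parse_status st = parse_type(p, depth + 1, ptr_levels);
        if (st == PARSE_OK)
            (*ptr_levels)++;
        return st;
    }
    case 'i':
    case 'c':
        (*p)++;
        return PARSE_OK;
    default:
        return PARSE_BAD_INPUT;         /* includes the terminating NUL */
    }
}

/* Parse a whole string; trailing characters after the type are an error. */
enum parse_status check_type(const char *s, unsigned *ptr_levels)
{
    const char *p = s;
    *ptr_levels = 0;
    enum parse_status st = parse_type(&p, 0, ptr_levels);
    return (st == PARSE_OK && *p != '\0') ? PARSE_BAD_INPUT : st;
}

/* Build constructed input of n 'P' characters followed by 'i', then parse. */
enum parse_status check_nested(size_t n, unsigned *ptr_levels)
{
    char *s = malloc(n + 2);
    if (s == NULL)
        return PARSE_BAD_INPUT;
    memset(s, 'P', n);
    s[n] = 'i';
    s[n + 1] = '\0';
    enum parse_status st = check_type(s, ptr_levels);
    free(s);
    return st;
}
```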
Remediation
Install update from vendor's website.
References
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
- https://usn.ubuntu.com/4326-1/
- https://usn.ubuntu.com/4336-1/
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
- http://www.securityfocus.com/bid/105689
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
- https://sourceware.org/bugzilla/show_bug.cgi?id=23767
- http://www.securityfocus.com/bid/105693
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350