CVE-2016-4491

Published: 24 February 2017

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
binutils
Upstream
Released (2.29)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.29-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.29-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.29-1ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.26.1-1ubuntu1~16.04.8+esm1)
Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c793cac124dd2eb34042f2e43abb099a26e34cb0
Upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b9da89d161e3903faa335f444af2bf05e40f926e
Upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=2d3392bd42e16b5c8894c357f250dbde245e96fe
binutils-h8300-hms
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
gcc-arm-none-eabi
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
gcc-h8300-hms
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
gccxml
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
gdb
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (8.0-0ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa)
Released (8.0-0ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (8.0-0ubuntu3)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (7.11.1-0ubuntu1~16.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [7.7.1-0ubuntu5~14.04.3])
ht
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
libiberty
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(20170627-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(20170627-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(20170627-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (20160215-1ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [20131116-1ubuntu0.2])
Patches:
Upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a664c62cf916d036dba3d25973e5bb92c523536e
Upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=cb987b84fd492260ef448988dec9f3fe377c4e23
Upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=b4cd77b1236a743dd5d94bc210534856a12e6efe
nescc
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
sdcc
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
valgrind
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (1:3.12.0-1.1ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:3.12.0-1.1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:3.12.0-1.1ubuntu2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:3.11.0-1ubuntu4.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:3.10.1-1ubuntu3~14.5])