CVE-2016-6131

Published: 07 February 2017

The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
binutils
Upstream Released (2.28)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.28-3ubuntu1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.28-3ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.28-3ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.28-3ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=41f225defe891ff71d3c8a149cdc1ed8f3a64c5c
binutils-h8300-hms
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
gcc-h8300-hms
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
gdb
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (7.11.1-0ubuntu1~16.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [7.7.1-0ubuntu5~14.04.3])
ht
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.1.0+repack1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
libiberty
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(20161220-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(20161220-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(20161220-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(20161220-1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (20160215-1ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [20131116-1ubuntu0.2])
Patches:
Upstream: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143
Upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=ebcc31144416b524ea556708c32304c53b439724
nescc
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
valgrind
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1:3.12.0-1.1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1:3.12.0-1.1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1:3.12.0-1.1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1:3.12.0-1.1ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (1:3.11.0-1ubuntu4.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:3.10.1-1ubuntu3~14.5])