CVE-2017-13716

Published: 28 August 2017

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Notes

Author: mdeslaur
Note: This issue is actually a libiberty issue, but there doesn't appear to be a libiberty bug open for it as of 2021-07-30

Priority

Low

CVSS 3 base score: 5.5

Status

Package: binutils (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Deferred
cosmic     Ignored (reached end-of-life)
disco      Ignored (reached end-of-life)
eoan       Ignored (reached end-of-life)
focal      Deferred
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Ignored (reached end-of-life)
jammy      Deferred
precise    Ignored (end of ESM support, was deferred)
trusty     Deferred
upstream   Needs triage
xenial     Deferred
zesty      Ignored (reached end-of-life)

Package: libiberty (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Deferred
cosmic     Ignored (reached end-of-life)
disco      Ignored (reached end-of-life)
eoan       Ignored (reached end-of-life)
focal      Deferred
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Ignored (reached end-of-life)
jammy      Deferred
precise    Does not exist
trusty     Does not exist (trusty was deferred [2021-02-26])
upstream   Needs triage
xenial     Deferred (2021-02-26)
zesty      Ignored (reached end-of-life)