CVE-2017-13716

Published: 28 August 2017

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Priority

Low

CVSS 3 base score: 5.5

Status

Package: binutils
Launchpad, Ubuntu, Debian

Release: Status
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Deferred
Ubuntu 20.10 (Groovy Gorilla): Deferred
Ubuntu 20.04 LTS (Focal Fossa): Deferred
Ubuntu 18.04 LTS (Bionic Beaver): Deferred
Ubuntu 16.04 LTS (Xenial Xerus): Deferred
Ubuntu 14.04 ESM (Trusty Tahr): Deferred

Package: libiberty
Launchpad, Ubuntu, Debian

Release: Status
Upstream: Deferred (2021-02-26)
Ubuntu 21.04 (Hirsute Hippo): Deferred (2021-02-26)
Ubuntu 20.10 (Groovy Gorilla): Deferred (2021-02-26)
Ubuntu 20.04 LTS (Focal Fossa): Deferred (2021-02-26)
Ubuntu 18.04 LTS (Bionic Beaver): Deferred (2021-02-26)
Ubuntu 16.04 LTS (Xenial Xerus): Deferred (2021-02-26)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was deferred [2021-02-26])

Notes

AuthorNote
mdeslaur
This issue is actually a libiberty issue, but there doesn't
appear to be a libiberty bug open for it as of 2020-10-19
