Your submission was sent successfully! Close

CVE-2018-12934

Published: 28 June 2018

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Notes

AuthorNote
mdeslaur
issue is actually in libiberty
Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (2.30-21ubuntu1~18.04.3)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(2.33-2ubuntu1.2)
focal Not vulnerable
(2.33-2ubuntu1.2)
groovy Not vulnerable
(2.33-2ubuntu1.2)
hirsute Not vulnerable
(2.33-2ubuntu1.2)
impish Not vulnerable
(2.33-2ubuntu1.2)
jammy Not vulnerable
(2.33-2ubuntu1.2)
kinetic Not vulnerable
(2.33-2ubuntu1.2)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream Needs triage

xenial
Released (2.26.1-1ubuntu1~16.04.8+esm1)
Patches:
upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=1910070b298052d7ca8e4024891465824588c1e9
upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=236f4ebe3ac7e8f94184fdcc39c70d74cc62b82a

libiberty
Launchpad, Ubuntu, Debian
bionic
Released (20170913-1ubuntu0.1)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(20190907-1)
focal Not vulnerable
(20190907-1)
groovy Not vulnerable
(20190907-1)
hirsute Not vulnerable
(20190907-1)
impish Not vulnerable
(20190907-1)
jammy Not vulnerable
(20190907-1)
kinetic Not vulnerable
(20190907-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (20160215-1ubuntu0.3)
Patches:


upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=6c8120c5ff130e03d32ff15a8f0d0e703592a2af