CVE-2018-20657

Published: 02 January 2019

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Priority

Negligible

CVSS 3 base score: 7.5

Status

Package: binutils (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 20.10 (Groovy Gorilla)      Deferred
Ubuntu 20.04 LTS (Focal Fossa)     Deferred
Ubuntu 18.04 LTS (Bionic Beaver)   Deferred
Ubuntu 16.04 LTS (Xenial Xerus)    Deferred
Ubuntu 14.04 ESM (Trusty Tahr)     Deferred

Notes

Author: mdeslaur
Note: 10-byte memleak, not considered important to be fixed by upstream, so no patch is available as of 2020-10-19
