CVE-2019-9071

Published: 24 February 2019

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Notes

Author	Note
sbeattie	upstream notes this issue is in libiberty same fix as CVE-2019-9070

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
binutils Launchpad, Ubuntu, Debian	bionic	Released (2.30-21ubuntu1~18.04.3)
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Not vulnerable (2.33-2ubuntu1)
	focal	Not vulnerable (2.34-5ubuntu1)
	groovy	Not vulnerable (2.34-5ubuntu1)
	hirsute	Not vulnerable (2.34-5ubuntu1)
	impish	Not vulnerable (2.34-5ubuntu1)
	jammy	Not vulnerable (2.34-5ubuntu1)
	kinetic	Not vulnerable (2.34-5ubuntu1)
	precise	Ignored (end of ESM support, was needs-triage)
	trusty	Needs triage
	upstream	Needs triage
	xenial	Released (2.26.1-1ubuntu1~16.04.8+esm1)
	Patches: upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c1202057eb9161a86af27d867703235fee7b7555
libiberty Launchpad, Ubuntu, Debian	bionic	Released (20170913-1ubuntu0.1)
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Not vulnerable (20190907-1)
	focal	Not vulnerable (20190907-1)
	groovy	Not vulnerable (20190907-1)
	hirsute	Not vulnerable (20190907-1)
	impish	Not vulnerable (20190907-1)
	jammy	Not vulnerable (20190907-1)
	kinetic	Not vulnerable (20190907-1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Released (20160215-1ubuntu0.3)
	Patches: upstream: https://gcc.gnu.org/viewcvs?rev=270258&root=gcc&view=rev

Security

CVE-2019-9071

Notes

Low

Status

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading