CVE-2021-3530

Published: 2 June 2021

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

Notes

Author: mdeslaur
Note:
introduced in 2.36
no fix committed upstream as of 2021-09-27
probably a dupe of CVE-2021-3648

Priority

Low

CVSS 3 base score: 7.5

Status

Package: binutils (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code not present)
focal      Not vulnerable (code not present)
groovy     Not vulnerable (code not present)
hirsute    Ignored (reached end-of-life)
impish     Ignored (reached end-of-life)
jammy      Deferred
precise    Ignored (end of ESM support, was needs-triage)
trusty     Not vulnerable (code not present)
upstream   Needs triage
xenial     Not vulnerable (code not present)

Package: libiberty (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code not present)
focal      Not vulnerable (code not present)
groovy     Not vulnerable (code not present)
hirsute    Ignored (reached end-of-life)
impish     Ignored (reached end-of-life)
jammy      Deferred
precise    Does not exist
trusty     Does not exist
upstream   Needs triage
xenial     Not vulnerable (code not present)