CVE-2021-3530
Published: 2 June 2021
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 2.36 no fix commited upstream as of 2021-09-27 probably a dupe of CVE-2021-3648 |
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
binutils Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
groovy |
Not vulnerable
(code not present)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Deferred
|
|
precise |
Ignored
(end of ESM support, was needs-triage)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
libiberty Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
groovy |
Not vulnerable
(code not present)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Deferred
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|