Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2021-46195

Published: 14 January 2022

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Notes

AuthorNote
sbeattie
gcc-3.3 only provides libstdc++5
gcc-msp430 is based on gcc-4.6.3
gcc-m68hc1x is based on gcc-3.3.6
gcc-h8300-hms is based on gcc-3.4.6
sbeattie
gcc-i686-linux-android and gcc-arm-linux-androideabi are based on gcc-4.7
litios
affected function introduced in gcc-11
mdeslaur
This is the same CVE as CVE-2021-3530, but applied to GCC
eslerm
libiberty and binutils tracked as CVE-2021-3530
eslerm
affected function, demangler_path, introduced on 2020-11-13 in 11.1.0 with 84096498a7b ("libiberty: Support the new ("v0") mangling scheme in rust-demangle")
mdeslaur
GCC fix on 2022-01-31 in 12.1.0 with f10bec5ffa4 ("libiberty: Fix infinite recursion in rust demangler.")

Priority

Low

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
gcc-10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Needed

kinetic Ignored
(end of life, was needs-triage)
lunar Ignored
(end of life, was needed)
mantic Needed

noble Needed

trusty Does not exist

upstream
Released (12.1.0)
xenial Does not exist

gcc-12
Launchpad, Ubuntu, Debian
bionic Ignored
(end of standard support)
focal Does not exist

jammy Not vulnerable
(12-20220319-1ubuntu1)
lunar Not vulnerable
(12.2.0-17ubuntu1)
mantic Not vulnerable
(12.3.0-6ubuntu1)
noble Not vulnerable
(12.3.0-6ubuntu1)
trusty Ignored
(end of standard support)
upstream
Released (12.1.0)
xenial Ignored
(end of standard support)
gcc-13
Launchpad, Ubuntu, Debian
bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

lunar Not vulnerable
(13-20230320-1ubuntu1)
mantic Not vulnerable
(13.2.0-1ubuntu1)
noble Not vulnerable
(13.2.0-1ubuntu1)
trusty Ignored
(end of standard support)
upstream Not vulnerable
(gcc-13.1.0)
xenial Ignored
(end of standard support)
gcc-3.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-4.4
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-4.6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-4.7
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-4.7-armel-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-4.7-armhf-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-4.8
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-4.8-arm64-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
Binaries built from this source package are in Universe and so are supported by the community.
gcc-4.8-armhf-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
Binaries built from this source package are in Universe and so are supported by the community.
gcc-4.8-powerpc-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
Binaries built from this source package are in Universe and so are supported by the community.
gcc-4.8-ppc64el-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
Binaries built from this source package are in Universe and so are supported by the community.
gcc-4.9
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-5
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-5-cross
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-6
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-6-cross
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-6-cross-ports
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-7
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-7-cross
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-7-cross-ports
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-8
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-8-cross
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-8-cross-ports
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-9
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-9-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-9-cross-ports
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-arm-linux-androideabi
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-arm-none-eabi
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(12.1.0)
xenial Not vulnerable
(code not present)
gcc-avr
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-defaults
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-defaults-arm64-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-defaults-armel-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-defaults-armhf-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-defaults-powerpc-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-defaults-ppc64el-cross
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Does not exist

gcc-h8300-hms
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-i686-linux-android
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-m68hc1x
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-mingw-w64
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Ignored
(end of standard support, was needs-triage)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-msp430
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-opt
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
gcc-snapshot
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
noble Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(12.1.0)
xenial Not vulnerable
(code not present)
gccgo-4.9
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Does not exist

gccgo-6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

mantic Does not exist

noble Does not exist

trusty Does not exist

upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H