Vulnerability Name: | CVE-2018-12698 (CCN-145318) | ||||||||||||||||||||||||||||||||||||||||
Assigned: | 2018-04-18 | ||||||||||||||||||||||||||||||||||||||||
Published: | 2018-04-18 | ||||||||||||||||||||||||||||||||||||||||
Updated: | 2019-10-03 | ||||||||||||||||||||||||||||||||||||||||
Summary: | demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. | ||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-12698 Source: BID Type: Third Party Advisory, VDB Entry 104539 Source: CCN Type: BID-104539 GNU libiberty CVE-2018-12698 Memory Corruption Vulnerability Source: MISC Type: Exploit, Third Party Advisory https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 Source: XF Type: UNKNOWN gnu-binutils-cve201812698-dos(145318) Source: CCN Type: GCC Bugzilla Bug 85454 Multiple memory corruptions in objdump / C++ name demangler Source: MISC Type: Exploit, Issue Tracking, Vendor Advisory https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 Source: GENTOO Type: UNKNOWN GLSA-201908-01 Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://sourceware.org/bugzilla/show_bug.cgi?id=23057 Source: UBUNTU Type: UNKNOWN USN-4326-1 Source: UBUNTU Type: UNKNOWN USN-4336-1 Source: CCN Type: GNU Web site Binutils Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-12698 | ||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
BACK |