Summary: | sys-devel/binutils: Stack Exhaustion | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Boyle <boylemic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | herrtimson, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=23008 | ||
Whiteboard: | A3 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Boyle
2018-03-31 02:13:19 UTC
(In reply to Michael Boyle from comment #0) > CVE-2018-9138: > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the the C++ > demangling functions provided by libiberty, and there are recursive stack > frames: demangle_nested_args, demangle_args, do_arg, and do_type. Still under debate upstream whether this is real, no fix committed Upstream conclusion seems to be "working as expected" (In reply to Andreas K. Hüttel from comment #2) > Upstream conclusion seems to be "working as expected" Agree. |