| Summary: | sys-devel/binutils: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | normal | CC: | bertrand, toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A3 [upstream cve] | | |
| Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> provided by libiberty, and there are recursive stack frames:
> demangle_template_value_parm, demangle_integral_value, and
> demangle_expression.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
No action upstream so far.
>
> CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
> An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
> functions provided by libiberty, and there are recursive stack frames:
> demangle_nested_args, demangle_args, do_arg, and do_type.

https://sourceware.org/bugzilla/show_bug.cgi?id=23008
No action upstream so far.
>
> CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
> GNU Binutils 2.30, allows remote attackers to cause a denial of service
> (excessive memory allocation and application crash) via a crafted ELF file,
> as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> in libbfd.c. This can occur during execution of nm.

https://sourceware.org/bugzilla/show_bug.cgi?id=23361
"fixed with commit 95a6d235661"
* fixed for >=sys-devel/binutils-2.31.1
* cherry-picked for gentoo/binutils-2.30 branch
>
> CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> Binutils 2.30, allows attackers to trigger excessive memory consumption
> (aka OOM). This can occur during execution of cxxfilt.

Problem is in libiberty.
>
> CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
> A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
> GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

Problem is in libiberty.
>
> CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
> finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
> denial of service (heap-based buffer overflow) or possibly have unspecified
> other impact, as demonstrated by an out-of-bounds write of 8 bytes. This
> can occur during execution of objdump.

Problem is in libiberty.
>
> CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
> demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
> Binutils 2.30, allows attackers to trigger excessive memory consumption
> (aka OOM) during the "Create an array for saving the template argument values"
> XNEWVEC call. This can occur during execution of objdump.

Problem is in libiberty.
>
> CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
> A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
> discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
> distributed in GNU Binutils 2.30. This can occur during execution of
> objdump.

Problem is in libiberty.
>
> CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
> An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
> distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
> demangling functions provided by libiberty, and there are recursive stack
> frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
> do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
> during execution of nm-new.

Problem is in libiberty.
>
> CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> The ignore_section_sym function in elf.c in the Binary File Descriptor
> (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not
> validate the output_section pointer in the case of a symtab entry with a "SECTION"
> type that has a "0" value, which allows remote attackers to cause a denial
> of service (NULL pointer dereference and application crash) via a crafted
> file, as demonstrated by objcopy.

Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch
>
> CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> Binutils 2.30, processes a negative Data Directory size with an unbounded
> loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> that the address exceeds its own memory region, resulting in an
> out-of-bounds memory write, as demonstrated by objcopy copying private info
> with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch
>
> CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> cause a denial of service (NULL pointer dereference and application crash)
> via a crafted binary file, as demonstrated by nm-new.
Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch
>
> CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> to cause a denial of service (heap-based buffer over-read and application
> crash) via a crafted binary file, as demonstrated by readelf.

Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch

I think most of the libiberty related problems were solved in gcc:
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=266886
and it seems even gcc-8.3.0 needs them?

(In reply to Andreas K. Hüttel from comment #1)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > provided by libiberty, and there are recursive stack frames:
> > demangle_template_value_parm, demangle_integral_value, and
> > demangle_expression.
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> No action upstream so far.

Ditto

> > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
> > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
> > functions provided by libiberty, and there are recursive stack frames:
> > demangle_nested_args, demangle_args, do_arg, and do_type.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=23008
> No action upstream so far.

Nick Clifton 2018-12-07 13:37:08 UTC
Fixed by recent merge with gcc libiberty sources.
=> fixed in gentoo 2.32 branch

> > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
> > GNU Binutils 2.30, allows remote attackers to cause a denial of service
> > (excessive memory allocation and application crash) via a crafted ELF file,
> > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> > in libbfd.c. This can occur during execution of nm.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> "fixed with commit 95a6d235661"
> * fixed for >=sys-devel/binutils-2.31.1
> * cherry-picked for gentoo/binutils-2.30 branch
> > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > (aka OOM). This can occur during execution of cxxfilt.
>
> Problem is in libiberty.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
No action yet.

> > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
> > A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
> > GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
>
> Problem is in libiberty.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
> > finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
> > denial of service (heap-based buffer overflow) or possibly have unspecified
> > other impact, as demonstrated by an out-of-bounds write of 8 bytes. This
> > can occur during execution of objdump.
>
> Problem is in libiberty.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."
> > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
> > demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
> > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > (aka OOM) during the "Create an array for saving the template argument values"
> > XNEWVEC call. This can occur during execution of objdump.
>
> Problem is in libiberty.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
> > A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
> > discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
> > distributed in GNU Binutils 2.30. This can occur during execution of
> > objdump.
>
> Problem is in libiberty.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
> > An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
> > distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
> > demangling functions provided by libiberty, and there are recursive stack
> > frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
> > do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
> > during execution of nm-new.
>
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
"Fixed with commit 266886"

> > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> > The ignore_section_sym function in elf.c in the Binary File Descriptor
> > (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not
> > validate the output_section pointer in the case of a symtab entry with a "SECTION"
> > type that has a "0" value, which allows remote attackers to cause a denial
> > of service (NULL pointer dereference and application crash) via a crafted
> > file, as demonstrated by objcopy.
>
> Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch
> > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > Binutils 2.30, processes a negative Data Directory size with an unbounded
> > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> > that the address exceeds its own memory region, resulting in an
> > out-of-bounds memory write, as demonstrated by objcopy copying private info
> > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
>
> Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch
> > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library
> > (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> > cause a denial of service (NULL pointer dereference and application crash)
> > via a crafted binary file, as demonstrated by nm-new.
>
> Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch
> > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> > to cause a denial of service (heap-based buffer over-read and application
> > crash) via a crafted binary file, as demonstrated by readelf.
>
> Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch

CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
functions provided by libiberty, and there are recursive stack frames:
demangle_nested_args, demangle_args, do_arg, and do_type.

Handled as Bug# 652060

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

> > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > provided by libiberty, and there are recursive stack frames:
> > > demangle_template_value_parm, demangle_integral_value, and
> > > demangle_expression.
> >
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > No action upstream so far.
> Ditto

Ditto

> > > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
> > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
> > > functions provided by libiberty, and there are recursive stack frames:
> > > demangle_nested_args, demangle_args, do_arg, and do_type.
> >
> > https://sourceware.org/bugzilla/show_bug.cgi?id=23008
> > No action upstream so far.
> Nick Clifton 2018-12-07 13:37:08 UTC
> Fixed by recent merge with gcc libiberty sources.
> => fixed in gentoo 2.32 branch
> > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> > > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
> > > GNU Binutils 2.30, allows remote attackers to cause a denial of service
> > > (excessive memory allocation and application crash) via a crafted ELF file,
> > > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> > > in libbfd.c. This can occur during execution of nm.
> >
> > https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> > "fixed with commit 95a6d235661"
> > * fixed for >=sys-devel/binutils-2.31.1
> > * cherry-picked for gentoo/binutils-2.30 branch
> > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > > (aka OOM). This can occur during execution of cxxfilt.
> >
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> No action yet.

Ditto

> > > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
> > > A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
> > > GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
> >
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."

Fixed in 2.32

> > > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
> > > finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
> > > denial of service (heap-based buffer overflow) or possibly have unspecified
> > > other impact, as demonstrated by an out-of-bounds write of 8 bytes. This
> > > can occur during execution of objdump.
> >
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."

Fixed in 2.32

> > > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
> > > demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > > (aka OOM) during the "Create an array for saving the template argument values"
> > > XNEWVEC call. This can occur during execution of objdump.
> >
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."

Fixed in 2.32

> > > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
> > > A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
> > > discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
> > > distributed in GNU Binutils 2.30. This can occur during execution of
> > > objdump.
> >
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."

Fixed in 2.32

> > > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
> > > An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
> > > distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
> > > demangling functions provided by libiberty, and there are recursive stack
> > > frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
> > > do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
> > > during execution of nm-new.
> >
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
> "Fixed with commit 266886"

Fixed in 2.32

> > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> > > The ignore_section_sym function in elf.c in the Binary File Descriptor
> > > (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not
> > > validate the output_section pointer in the case of a symtab entry with a "SECTION"
> > > type that has a "0" value, which allows remote attackers to cause a denial
> > > of service (NULL pointer dereference and application crash) via a crafted
> > > file, as demonstrated by objcopy.
> >
> > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch
> > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> > > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> > > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > > Binutils 2.30, processes a negative Data Directory size with an unbounded
> > > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> > > that the address exceeds its own memory region, resulting in an
> > > out-of-bounds memory write, as demonstrated by objcopy copying private info
> > > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
> >
> > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch
> > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> > > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library
> > > (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> > > cause a denial of service (NULL pointer dereference and application crash)
> > > via a crafted binary file, as demonstrated by nm-new.
> >
> > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch
> > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> > > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> > > to cause a denial of service (heap-based buffer over-read and application
> > > crash) via a crafted binary file, as demonstrated by readelf.
> >
> > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch

Removed vulnerabilities are now in bug 682698

> > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > > provided by libiberty, and there are recursive stack frames:
> > > > demangle_template_value_parm, demangle_integral_value, and
> > > > demangle_expression.
> > >
> > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > > No action upstream so far.
> > Ditto
> Ditto
> > > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> > > > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
> > > > GNU Binutils 2.30, allows remote attackers to cause a denial of service
> > > > (excessive memory allocation and application crash) via a crafted ELF file,
> > > > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> > > > in libbfd.c. This can occur during execution of nm.
> > >
> > > https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> > > "fixed with commit 95a6d235661"
> > > * fixed for >=sys-devel/binutils-2.31.1
> > > * cherry-picked for gentoo/binutils-2.30 branch
> > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > > > (aka OOM). This can occur during execution of cxxfilt.
> > >
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> > No action yet.
> Ditto
> > > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> > > > The ignore_section_sym function in elf.c in the Binary File Descriptor
> > > > (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not
> > > > validate the output_section pointer in the case of a symtab entry with a "SECTION"
> > > > type that has a "0" value, which allows remote attackers to cause a denial
> > > > of service (NULL pointer dereference and application crash) via a crafted
> > > > file, as demonstrated by objcopy.
> > >
> > > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch
> > > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> > > > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> > > > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > > > Binutils 2.30, processes a negative Data Directory size with an unbounded
> > > > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> > > > that the address exceeds its own memory region, resulting in an
> > > > out-of-bounds memory write, as demonstrated by objcopy copying private info
> > > > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
> > >
> > > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch
> > > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> > > > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library
> > > > (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> > > > cause a denial of service (NULL pointer dereference and application crash)
> > > > via a crafted binary file, as demonstrated by nm-new.
> > >
> > > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch
> > > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> > > > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> > > > to cause a denial of service (heap-based buffer over-read and application
> > > > crash) via a crafted binary file, as demonstrated by readelf.
> > >
> > > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch

Removed vulnerabilities are now in bug 682702

> > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > > > provided by libiberty, and there are recursive stack frames:
> > > > > demangle_template_value_parm, demangle_integral_value, and
> > > > > demangle_expression.
> > > >
> > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > > > No action upstream so far.
> > > Ditto
> > Ditto
> > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > > > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > > > > (aka OOM). This can occur during execution of cxxfilt.
> > > >
> > > > Problem is in libiberty.
> > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> > > No action yet.
> > Ditto

> > > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > > > > provided by libiberty, and there are recursive stack frames:
> > > > > > demangle_template_value_parm, demangle_integral_value, and
> > > > > > demangle_expression.
> > > > >
> > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > > > > No action upstream so far.
> > > > Ditto
> > > Ditto

Ditto

> > > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > > > > Binutils 2.30, allows attackers to trigger excessive memory consumption
> > > > > > (aka OOM). This can occur during execution of cxxfilt.
> > > > >
> > > > > Problem is in libiberty.
> > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> > > > No action yet.
> > > Ditto

Ditto

No new action.

Nothing new upstream.

No news here.

No news.

No news.

No news.