CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138): An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700): A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699): finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698): demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697): A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641): An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535): The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534): The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373): concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372): process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
(In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions > provided by libiberty, and there are recursive stack frames: > demangle_template_value_parm, demangle_integral_value, and > demangle_expression. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 No action upstream so far. > > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138): > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling > functions provided by libiberty, and there are recursive stack frames: > demangle_nested_args, demangle_args, do_arg, and do_type. https://sourceware.org/bugzilla/show_bug.cgi?id=23008 No action upstream so far. > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033): > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in > GNU > Binutils 2.30, allows remote attackers to cause a denial of service > (excessive memory allocation and application crash) via a crafted ELF file, > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc > in libbfd.c. This can occur during execution of nm. https://sourceware.org/bugzilla/show_bug.cgi?id=23361 "fixed with commit 95a6d235661" * fixed for >=sys-devel/binutils-2.31.1 * cherry-picked for gentoo/binutils-2.30 branch > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU > Binutils 2.30, allows attackers to trigger excessive memory consumption > (aka > OOM). This can occur during execution of cxxfilt. Problem is in libiberty. > > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700): > A Stack Exhaustion issue was discovered in debug_write_type in debug.c in > GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. Problem is in libiberty. > > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699): > finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a > denial of service (heap-based buffer overflow) or possibly have unspecified > other impact, as demonstrated by an out-of-bounds write of 8 bytes. This > can > occur during execution of objdump. Problem is in libiberty. > > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698): > demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU > Binutils 2.30, allows attackers to trigger excessive memory consumption > (aka > OOM) during the "Create an array for saving the template argument values" > XNEWVEC call. This can occur during execution of objdump. Problem is in libiberty. > > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697): > A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was > discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as > distributed in GNU Binutils 2.30. This can occur during execution of > objdump. Problem is in libiberty. > > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641): > An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as > distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ > demangling functions provided by libiberty, and there are recursive stack > frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, > do_type, do_arg, demangle_args, and demangle_nested_args. This can occur > during execution of nm-new. Problem is in libiberty. > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535): > The ignore_section_sym function in elf.c in the Binary File Descriptor > (BFD) > library (aka libbfd), as distributed in GNU Binutils 2.30, does not > validate > the output_section pointer in the case of a symtab entry with a "SECTION" > type that has a "0" value, which allows remote attackers to cause a denial > of service (NULL pointer dereference and application crash) via a crafted > file, as demonstrated by objcopy. Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac * Fixed in >=sys-devel/binutils-2.31 * cherry-picked for the gentoo/binutils-2.30 branch > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534): > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU > Binutils 2.30, processes a negative Data Directory size with an unbounded > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so > that the address exceeds its own memory region, resulting in an > out-of-bounds memory write, as demonstrated by objcopy copying private info > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 * Fixed in >=sys-devel/binutils-2.31 * cherry-picked for the gentoo/binutils-2.30 branch > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373): > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library > (aka > libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to > cause a denial of service (NULL pointer dereference and application crash) > via a crafted binary file, as demonstrated by nm-new. Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689 * Fixed in >=sys-devel/binutils-2.31 * cherry-picked for the gentoo/binutils-2.30 branch > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372): > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers > to cause a denial of service (heap-based buffer over-read and application > crash) via a crafted binary file, as demonstrated by readelf. Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d * Fixed in >=sys-devel/binutils-2.31 * cherry-picked for the gentoo/binutils-2.30 branch
I think most of the libiberty related problems where solved in gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=266886 and it seems even gcc-8.3.0 needs them?
(In reply to Andreas K. Hüttel from comment #1) > (In reply to GLSAMaker/CVETool Bot from comment #0) > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions > > provided by libiberty, and there are recursive stack frames: > > demangle_template_value_parm, demangle_integral_value, and > > demangle_expression. > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 > No action upstream so far. Dito > > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138): > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling > > functions provided by libiberty, and there are recursive stack frames: > > demangle_nested_args, demangle_args, do_arg, and do_type. > > https://sourceware.org/bugzilla/show_bug.cgi?id=23008 > No action upstream so far. Nick Clifton 2018-12-07 13:37:08 UTC Fixed by recent merge with gcc libiberty sources. => fixed in gentoo 2.32 branch > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033): > > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in > > GNU > > Binutils 2.30, allows remote attackers to cause a denial of service > > (excessive memory allocation and application crash) via a crafted ELF file, > > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc > > in libbfd.c. This can occur during execution of nm. > > https://sourceware.org/bugzilla/show_bug.cgi?id=23361 > "fixed with commit 95a6d235661" > * fixed for >=sys-devel/binutils-2.31.1 > * cherry-picked for gentoo/binutils-2.30 branch > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > (aka > > OOM). This can occur during execution of cxxfilt. > > Problem is in libiberty. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 No action yet. > > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700): > > A Stack Exhaustion issue was discovered in debug_write_type in debug.c in > > GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. > > Problem is in libiberty. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 "Fixed with commit 266886." > > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699): > > finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a > > denial of service (heap-based buffer overflow) or possibly have unspecified > > other impact, as demonstrated by an out-of-bounds write of 8 bytes. This > > can > > occur during execution of objdump. > > Problem is in libiberty. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 "Fixed with commit 266886." > > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698): > > demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > (aka > > OOM) during the "Create an array for saving the template argument values" > > XNEWVEC call. This can occur during execution of objdump. > > Problem is in libiberty. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 "Fixed with commit 266886." > > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697): > > A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was > > discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as > > distributed in GNU Binutils 2.30. This can occur during execution of > > objdump. > > Problem is in libiberty. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 "Fixed with commit 266886." > > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641): > > An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as > > distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ > > demangling functions provided by libiberty, and there are recursive stack > > frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, > > do_type, do_arg, demangle_args, and demangle_nested_args. This can occur > > during execution of nm-new. > > Problem is in libiberty. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452 "Fixed with commit 266886" > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535): > > The ignore_section_sym function in elf.c in the Binary File Descriptor > > (BFD) > > library (aka libbfd), as distributed in GNU Binutils 2.30, does not > > validate > > the output_section pointer in the case of a symtab entry with a "SECTION" > > type that has a "0" value, which allows remote attackers to cause a denial > > of service (NULL pointer dereference and application crash) via a crafted > > file, as demonstrated by objcopy. > > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac > * Fixed in >=sys-devel/binutils-2.31 > * cherry-picked for the gentoo/binutils-2.30 branch > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534): > > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the > > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU > > Binutils 2.30, processes a negative Data Directory size with an unbounded > > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so > > that the address exceeds its own memory region, resulting in an > > out-of-bounds memory write, as demonstrated by objcopy copying private info > > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. > > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 > * Fixed in >=sys-devel/binutils-2.31 > * cherry-picked for the gentoo/binutils-2.30 branch > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373): > > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library > > (aka > > libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to > > cause a denial of service (NULL pointer dereference and application crash) > > via a crafted binary file, as demonstrated by nm-new. > > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689 > * Fixed in >=sys-devel/binutils-2.31 > * cherry-picked for the gentoo/binutils-2.30 branch > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372): > > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers > > to cause a denial of service (heap-based buffer over-read and application > > crash) via a crafted binary file, as demonstrated by readelf. > > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d > * Fixed in >=sys-devel/binutils-2.31 > * cherry-picked for the gentoo/binutils-2.30 branch
CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138): An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. Handled as Bug# 652060
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
> > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions > > > provided by libiberty, and there are recursive stack frames: > > > demangle_template_value_parm, demangle_integral_value, and > > > demangle_expression. > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 > > No action upstream so far. > Dito Dito > > > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138): > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling > > > functions provided by libiberty, and there are recursive stack frames: > > > demangle_nested_args, demangle_args, do_arg, and do_type. > > > > https://sourceware.org/bugzilla/show_bug.cgi?id=23008 > > No action upstream so far. > Nick Clifton 2018-12-07 13:37:08 UTC > Fixed by recent merge with gcc libiberty sources. > => fixed in gentoo 2.32 branch > > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033): > > > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in > > > GNU > > > Binutils 2.30, allows remote attackers to cause a denial of service > > > (excessive memory allocation and application crash) via a crafted ELF file, > > > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc > > > in libbfd.c. This can occur during execution of nm. > > > > https://sourceware.org/bugzilla/show_bug.cgi?id=23361 > > "fixed with commit 95a6d235661" > > * fixed for >=sys-devel/binutils-2.31.1 > > * cherry-picked for gentoo/binutils-2.30 branch > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU > > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > > (aka > > > OOM). This can occur during execution of cxxfilt. > > > > Problem is in libiberty. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 > No action yet. Dito > > > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700): > > > A Stack Exhaustion issue was discovered in debug_write_type in debug.c in > > > GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. > > > > Problem is in libiberty. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 > "Fixed with commit 266886." Fixed in 2.32 > > > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699): > > > finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a > > > denial of service (heap-based buffer overflow) or possibly have unspecified > > > other impact, as demonstrated by an out-of-bounds write of 8 bytes. This > > > can > > > occur during execution of objdump. > > > > Problem is in libiberty. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 > "Fixed with commit 266886." Fixed in 2.32 > > > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698): > > > demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU > > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > > (aka > > > OOM) during the "Create an array for saving the template argument values" > > > XNEWVEC call. This can occur during execution of objdump. > > > > Problem is in libiberty. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 > "Fixed with commit 266886." Fixed in 2.32 > > > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697): > > > A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was > > > discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as > > > distributed in GNU Binutils 2.30. This can occur during execution of > > > objdump. > > > > Problem is in libiberty. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 > "Fixed with commit 266886." Fixed in 2.32 > > > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641): > > > An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as > > > distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ > > > demangling functions provided by libiberty, and there are recursive stack > > > frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, > > > do_type, do_arg, demangle_args, and demangle_nested_args. This can occur > > > during execution of nm-new. > > > > Problem is in libiberty. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452 > "Fixed with commit 266886" Fixed in 2.32 > > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535): > > > The ignore_section_sym function in elf.c in the Binary File Descriptor > > > (BFD) > > > library (aka libbfd), as distributed in GNU Binutils 2.30, does not > > > validate > > > the output_section pointer in the case of a symtab entry with a "SECTION" > > > type that has a "0" value, which allows remote attackers to cause a denial > > > of service (NULL pointer dereference and application crash) via a crafted > > > file, as demonstrated by objcopy. > > > > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac > > * Fixed in >=sys-devel/binutils-2.31 > > * cherry-picked for the gentoo/binutils-2.30 branch > > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534): > > > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the > > > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU > > > Binutils 2.30, processes a negative Data Directory size with an unbounded > > > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so > > > that the address exceeds its own memory region, resulting in an > > > out-of-bounds memory write, as demonstrated by objcopy copying private info > > > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. > > > > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 > > * Fixed in >=sys-devel/binutils-2.31 > > * cherry-picked for the gentoo/binutils-2.30 branch > > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373): > > > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library > > > (aka > > > libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to > > > cause a denial of service (NULL pointer dereference and application crash) > > > via a crafted binary file, as demonstrated by nm-new. > > > > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689 > > * Fixed in >=sys-devel/binutils-2.31 > > * cherry-picked for the gentoo/binutils-2.30 branch > > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372): > > > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers > > > to cause a denial of service (heap-based buffer over-read and application > > > crash) via a crafted binary file, as demonstrated by readelf. > > > > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d > > * Fixed in >=sys-devel/binutils-2.31 > > * cherry-picked for the gentoo/binutils-2.30 branch
Removed vulnerabilities are now in bug 682698 > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): > > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions > > > > provided by libiberty, and there are recursive stack frames: > > > > demangle_template_value_parm, demangle_integral_value, and > > > > demangle_expression. > > > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 > > > No action upstream so far. > > Dito > Dito > > > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033): > > > > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in > > > > GNU > > > > Binutils 2.30, allows remote attackers to cause a denial of service > > > > (excessive memory allocation and application crash) via a crafted ELF file, > > > > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc > > > > in libbfd.c. This can occur during execution of nm. > > > > > > https://sourceware.org/bugzilla/show_bug.cgi?id=23361 > > > "fixed with commit 95a6d235661" > > > * fixed for >=sys-devel/binutils-2.31.1 > > > * cherry-picked for gentoo/binutils-2.30 branch > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): > > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU > > > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > > > (aka > > > > OOM). This can occur during execution of cxxfilt. > > > > > > Problem is in libiberty. > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 > > No action yet. > Dito > > > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535): > > > > The ignore_section_sym function in elf.c in the Binary File Descriptor > > > > (BFD) > > > > library (aka libbfd), as distributed in GNU Binutils 2.30, does not > > > > validate > > > > the output_section pointer in the case of a symtab entry with a "SECTION" > > > > type that has a "0" value, which allows remote attackers to cause a denial > > > > of service (NULL pointer dereference and application crash) via a crafted > > > > file, as demonstrated by objcopy. > > > > > > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac > > > * Fixed in >=sys-devel/binutils-2.31 > > > * cherry-picked for the gentoo/binutils-2.30 branch > > > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534): > > > > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the > > > > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU > > > > Binutils 2.30, processes a negative Data Directory size with an unbounded > > > > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so > > > > that the address exceeds its own memory region, resulting in an > > > > out-of-bounds memory write, as demonstrated by objcopy copying private info > > > > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. > > > > > > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 > > > * Fixed in >=sys-devel/binutils-2.31 > > > * cherry-picked for the gentoo/binutils-2.30 branch > > > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373): > > > > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library > > > > (aka > > > > libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to > > > > cause a denial of service (NULL pointer dereference and application crash) > > > > via a crafted binary file, as demonstrated by nm-new. > > > > > > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689 > > > * Fixed in >=sys-devel/binutils-2.31 > > > * cherry-picked for the gentoo/binutils-2.30 branch > > > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372): > > > > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers > > > > to cause a denial of service (heap-based buffer over-read and application > > > > crash) via a crafted binary file, as demonstrated by readelf. > > > > > > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d > > > * Fixed in >=sys-devel/binutils-2.31 > > > * cherry-picked for the gentoo/binutils-2.30 branch
Removed vulnerabilities are now in bug 682702 > > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): > > > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions > > > > > provided by libiberty, and there are recursive stack frames: > > > > > demangle_template_value_parm, demangle_integral_value, and > > > > > demangle_expression. > > > > > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 > > > > No action upstream so far. > > > Dito > > Dito > > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): > > > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU > > > > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > > > > (aka > > > > > OOM). This can occur during execution of cxxfilt. > > > > > > > > Problem is in libiberty. > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 > > > No action yet. > > Dito
> > > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996): > > > > > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > > > > > > GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions > > > > > > provided by libiberty, and there are recursive stack frames: > > > > > > demangle_template_value_parm, demangle_integral_value, and > > > > > > demangle_expression. > > > > > > > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 > > > > > No action upstream so far. > > > > Dito > > > Dito Dito > > > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934): > > > > > > remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU > > > > > > Binutils 2.30, allows attackers to trigger excessive memory consumption > > > > > > (aka > > > > > > OOM). This can occur during execution of cxxfilt. > > > > > > > > > > Problem is in libiberty. > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 > > > > No action yet. > > > Dito Dito
No new action.
Nothing new upstream.
No news here.
No news.