Bug 661154 (CVE-2018-12934, CVE-2018-9996) - sys-devel/binutils: Multiple vulnerabilities
Summary: sys-devel/binutils: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2018-12934, CVE-2018-9996
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [upstream cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-14 16:23 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-31 20:57 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2018-07-14 16:23:59 UTC
CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
  An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
  GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
  provided by libiberty, and there are recursive stack frames:
  demangle_template_value_parm, demangle_integral_value, and
  demangle_expression.

CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
  An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
  GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
  functions provided by libiberty, and there are recursive stack frames:
  demangle_nested_args, demangle_args, do_arg, and do_type.

CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
  The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
  Binutils 2.30, allows remote attackers to cause a denial of service
  (excessive memory allocation and application crash) via a crafted ELF file,
  as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
  in libbfd.c. This can occur during execution of nm.

CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
  remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
  Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
  OOM). This can occur during execution of cxxfilt.

CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
  A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
  GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
  finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
  denial of service (heap-based buffer overflow) or possibly have unspecified
  other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can
  occur during execution of objdump.

CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
  demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
  Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
  OOM) during the "Create an array for saving the template argument values"
  XNEWVEC call. This can occur during execution of objdump.

CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
  A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
  discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
  distributed in GNU Binutils 2.30. This can occur during execution of
  objdump.

CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
  An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
  distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
  demangling functions provided by libiberty, and there are recursive stack
  frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
  do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
  during execution of nm-new.

CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
  The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD)
  library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate
  the output_section pointer in the case of a symtab entry with a "SECTION"
  type that has a "0" value, which allows remote attackers to cause a denial
  of service (NULL pointer dereference and application crash) via a crafted
  file, as demonstrated by objcopy.

CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
  The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
  Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
  Binutils 2.30, processes a negative Data Directory size with an unbounded
  loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
  that the address exceeds its own memory region, resulting in an
  out-of-bounds memory write, as demonstrated by objcopy copying private info
  with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
  concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka
  libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
  cause a denial of service (NULL pointer dereference and application crash)
  via a crafted binary file, as demonstrated by nm-new.

CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
  process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
  to cause a denial of service (heap-based buffer over-read and application
  crash) via a crafted binary file, as demonstrated by readelf.
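
The stack-exhaustion and OOM entries above (CVE-2018-9996, CVE-2018-9138, CVE-2018-12641, CVE-2018-12698) share one shape: a recursive parser follows nesting depth or an element count taken from untrusted input without bounding it. The C sketch below is an added example, not libiberty or binutils code; the toy grammar, `MAX_DEPTH`, and the names `parse_type`, `check_symbol` and `check_nested` are assumptions made for illustration.

```c
/* Added illustration: a toy type grammar, not libiberty's mangling scheme.
     type := 'i' | 'c'                builtin
           | 'P' type                 pointer to type
           | 'T' digits '_' type...   template with <digits> arguments      */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 256   /* assumed limit for this sketch */

enum { OK = 0, ERR_SYNTAX = -1, ERR_DEPTH = -2, ERR_COUNT = -3, ERR_NOMEM = -4 };

struct cursor { const char *p, *end; };

static int parse_type(struct cursor *c, unsigned depth)
{
    if (depth > MAX_DEPTH)
        return ERR_DEPTH;               /* fail cleanly before the stack runs out */
    if (c->p >= c->end)
        return ERR_SYNTAX;

    switch (*c->p++) {
    case 'i':
    case 'c':
        return OK;
    case 'P':
        return parse_type(c, depth + 1);
    case 'T': {
        size_t n = 0, i;
        int ndigits = 0, rc = OK;
        const char **args;

        while (c->p < c->end && *c->p >= '0' && *c->p <= '9') {
            if (n > (SIZE_MAX - 9) / 10)
                return ERR_COUNT;       /* count would overflow size_t */
            n = n * 10 + (size_t)(*c->p++ - '0');
            ndigits++;
        }
        if (ndigits == 0 || c->p >= c->end || *c->p++ != '_')
            return ERR_SYNTAX;
        /* Each argument needs at least one input byte, so a count larger
           than the remaining input is rejected before anything is allocated. */
        if (n > (size_t)(c->end - c->p))
            return ERR_COUNT;
        args = calloc(n ? n : 1, sizeof *args);
        if (args == NULL)
            return ERR_NOMEM;
        for (i = 0; i < n && rc == OK; i++) {
            args[i] = c->p;             /* remember where each argument starts */
            rc = parse_type(c, depth + 1);
        }
        free(args);
        return rc;
    }
    default:
        return ERR_SYNTAX;
    }
}

/* Parse one complete symbol; trailing bytes count as a syntax error. */
int check_symbol(const char *s, size_t len)
{
    struct cursor c = { s, s + len };
    int rc = parse_type(&c, 0);
    if (rc == OK && c.p != c.end)
        return ERR_SYNTAX;
    return rc;
}

/* Constructed input: <levels> nested pointers around one builtin. */
int check_nested(size_t levels)
{
    char *s = malloc(levels + 1);
    int rc;
    if (s == NULL)
        return ERR_NOMEM;
    memset(s, 'P', levels);
    s[levels] = 'i';
    rc = check_symbol(s, levels + 1);
    free(s);
    return rc;
}

int main(void)
{
    const char *samples[] = { "PPi", "T2_PiT1_c", "T99999999_i", "Px" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %d\n", samples[i],
               check_symbol(samples[i], strlen(samples[i])));
    printf("1000000 nested pointers -> %d\n", check_nested(1000000));
    return 0;
}
```
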
Comment 1 Andreas K. Hüttel gentoo-dev 2018-12-04 22:55:48 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
>   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
>   GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
>   provided by libiberty, and there are recursive stack frames:
>   demangle_template_value_parm, demangle_integral_value, and
>   demangle_expression.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
No action upstream so far.

> 
> CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
>   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
>   GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
>   functions provided by libiberty, and there are recursive stack frames:
>   demangle_nested_args, demangle_args, do_arg, and do_type.

https://sourceware.org/bugzilla/show_bug.cgi?id=23008
No action upstream so far.

> 
> CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
>   The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
>   Binutils 2.30, allows remote attackers to cause a denial of service
>   (excessive memory allocation and application crash) via a crafted ELF file,
>   as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
>   in libbfd.c. This can occur during execution of nm.

https://sourceware.org/bugzilla/show_bug.cgi?id=23361
"fixed with commit 95a6d235661"
* fixed for >=sys-devel/binutils-2.31.1
* cherry-picked for gentoo/binutils-2.30 branch

> 
> CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
>   remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
>   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
>   OOM). This can occur during execution of cxxfilt.

Problem is in libiberty.

> 
> CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
>   A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
>   GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

Problem is in libiberty.

> 
> CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
>   finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
>   denial of service (heap-based buffer overflow) or possibly have unspecified
>   other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can
>   occur during execution of objdump.

Problem is in libiberty.

> 
> CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
>   demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
>   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
>   OOM) during the "Create an array for saving the template argument values"
>   XNEWVEC call. This can occur during execution of objdump.

Problem is in libiberty.

> 
> CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
>   A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
>   discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
>   distributed in GNU Binutils 2.30. This can occur during execution of
>   objdump.

Problem is in libiberty.

> 
> CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
>   An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
>   distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
>   demangling functions provided by libiberty, and there are recursive stack
>   frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
>   do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
>   during execution of nm-new.

Problem is in libiberty.

> 
> CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
>   The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD)
>   library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate
>   the output_section pointer in the case of a symtab entry with a "SECTION"
>   type that has a "0" value, which allows remote attackers to cause a denial
>   of service (NULL pointer dereference and application crash) via a crafted
>   file, as demonstrated by objcopy.

Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch

> 
> CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
>   The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
>   Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
>   Binutils 2.30, processes a negative Data Directory size with an unbounded
>   loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
>   that the address exceeds its own memory region, resulting in an
>   out-of-bounds memory write, as demonstrated by objcopy copying private info
>   with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch

> 
> CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
>   concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka
>   libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
>   cause a denial of service (NULL pointer dereference and application crash)
>   via a crafted binary file, as demonstrated by nm-new.

Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch

> 
> CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
>   process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
>   to cause a denial of service (heap-based buffer over-read and application
>   crash) via a crafted binary file, as demonstrated by readelf.

Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
* Fixed in >=sys-devel/binutils-2.31
* cherry-picked for the gentoo/binutils-2.30 branch
Comment 2 tt_1 2019-03-04 07:44:54 UTC
I think most of the libiberty-related problems were solved in gcc: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=266886

and it seems even gcc-8.3.0 needs them?
Comment 3 Andreas K. Hüttel gentoo-dev 2019-03-24 21:42:02 UTC
(In reply to Andreas K. Hüttel from comment #1)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> >   GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> >   provided by libiberty, and there are recursive stack frames:
> >   demangle_template_value_parm, demangle_integral_value, and
> >   demangle_expression.
> 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> No action upstream so far.
Ditto

> > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
> >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> >   GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
> >   functions provided by libiberty, and there are recursive stack frames:
> >   demangle_nested_args, demangle_args, do_arg, and do_type.
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=23008
> No action upstream so far.
Nick Clifton 2018-12-07 13:37:08 UTC
Fixed by recent merge with gcc libiberty sources.
=> fixed in gentoo 2.32 branch

> > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> >   The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> >   Binutils 2.30, allows remote attackers to cause a denial of service
> >   (excessive memory allocation and application crash) via a crafted ELF file,
> >   as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> >   in libbfd.c. This can occur during execution of nm.
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> "fixed with commit 95a6d235661"
> * fixed for >=sys-devel/binutils-2.31.1
> * cherry-picked for gentoo/binutils-2.30 branch

> > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> >   remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> >   OOM). This can occur during execution of cxxfilt.
> 
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
No action yet.

> > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
> >   A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
> >   GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
> 
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
> >   finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
> >   denial of service (heap-based buffer overflow) or possibly have unspecified
> >   other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can
> >   occur during execution of objdump.
> 
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
> >   demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
> >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> >   OOM) during the "Create an array for saving the template argument values"
> >   XNEWVEC call. This can occur during execution of objdump.
> 
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
> >   A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
> >   discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
> >   distributed in GNU Binutils 2.30. This can occur during execution of
> >   objdump.
> 
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
"Fixed with commit 266886."

> > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
> >   An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
> >   distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
> >   demangling functions provided by libiberty, and there are recursive stack
> >   frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
> >   do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
> >   during execution of nm-new.
> 
> Problem is in libiberty.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
"Fixed with commit 266886"

> > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> >   The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD)
> >   library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate
> >   the output_section pointer in the case of a symtab entry with a "SECTION"
> >   type that has a "0" value, which allows remote attackers to cause a denial
> >   of service (NULL pointer dereference and application crash) via a crafted
> >   file, as demonstrated by objcopy.
> 
> Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch

> > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> >   The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> >   Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> >   Binutils 2.30, processes a negative Data Directory size with an unbounded
> >   loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> >   that the address exceeds its own memory region, resulting in an
> >   out-of-bounds memory write, as demonstrated by objcopy copying private info
> >   with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
> 
> Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch

> > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> >   concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka
> >   libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> >   cause a denial of service (NULL pointer dereference and application crash)
> >   via a crafted binary file, as demonstrated by nm-new.
> 
> Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch

> > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> >   process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> >   to cause a denial of service (heap-based buffer over-read and application
> >   crash) via a crafted binary file, as demonstrated by readelf.
> 
> Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> * Fixed in >=sys-devel/binutils-2.31
> * cherry-picked for the gentoo/binutils-2.30 branch
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-27 23:23:36 UTC
CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
  An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
  GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
  functions provided by libiberty, and there are recursive stack frames:
  demangle_nested_args, demangle_args, do_arg, and do_type.

Handled as Bug# 652060
Comment 5 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-27 23:23:50 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 6 Andreas K. Hüttel gentoo-dev 2019-04-06 14:09:19 UTC
> > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > >   GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > >   provided by libiberty, and there are recursive stack frames:
> > >   demangle_template_value_parm, demangle_integral_value, and
> > >   demangle_expression.
> > 
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > No action upstream so far.
> Ditto
Ditto


> > > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
> > >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > >   GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
> > >   functions provided by libiberty, and there are recursive stack frames:
> > >   demangle_nested_args, demangle_args, do_arg, and do_type.
> > 
> > https://sourceware.org/bugzilla/show_bug.cgi?id=23008
> > No action upstream so far.
> Nick Clifton 2018-12-07 13:37:08 UTC
> Fixed by recent merge with gcc libiberty sources.
> => fixed in gentoo 2.32 branch


> > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> > >   The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > >   Binutils 2.30, allows remote attackers to cause a denial of service
> > >   (excessive memory allocation and application crash) via a crafted ELF file,
> > >   as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> > >   in libbfd.c. This can occur during execution of nm.
> > 
> > https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> > "fixed with commit 95a6d235661"
> > * fixed for >=sys-devel/binutils-2.31.1
> > * cherry-picked for gentoo/binutils-2.30 branch


> > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > >   remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> > >   OOM). This can occur during execution of cxxfilt.
> > 
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> No action yet.
Ditto


> > > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
> > >   A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
> > >   GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
> > 
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."
Fixed in 2.32


> > > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
> > >   finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
> > >   denial of service (heap-based buffer overflow) or possibly have unspecified
> > >   other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can
> > >   occur during execution of objdump.
> > 
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."
Fixed in 2.32


> > > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
> > >   demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
> > >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> > >   OOM) during the "Create an array for saving the template argument values"
> > >   XNEWVEC call. This can occur during execution of objdump.
> > 
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."
Fixed in 2.32


> > > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
> > >   A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
> > >   discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
> > >   distributed in GNU Binutils 2.30. This can occur during execution of
> > >   objdump.
> > 
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> "Fixed with commit 266886."
Fixed in 2.32


> > > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
> > >   An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
> > >   distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
> > >   demangling functions provided by libiberty, and there are recursive stack
> > >   frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
> > >   do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
> > >   during execution of nm-new.
> > 
> > Problem is in libiberty.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
> "Fixed with commit 266886"
Fixed in 2.32


> > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> > >   The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD)
> > >   library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate
> > >   the output_section pointer in the case of a symtab entry with a "SECTION"
> > >   type that has a "0" value, which allows remote attackers to cause a denial
> > >   of service (NULL pointer dereference and application crash) via a crafted
> > >   file, as demonstrated by objcopy.
> > 
> > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch


> > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> > >   The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> > >   Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > >   Binutils 2.30, processes a negative Data Directory size with an unbounded
> > >   loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> > >   that the address exceeds its own memory region, resulting in an
> > >   out-of-bounds memory write, as demonstrated by objcopy copying private info
> > >   with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
> > 
> > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch


> > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> > >   concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka
> > >   libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> > >   cause a denial of service (NULL pointer dereference and application crash)
> > >   via a crafted binary file, as demonstrated by nm-new.
> > 
> > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch


> > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> > >   process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> > >   to cause a denial of service (heap-based buffer over-read and application
> > >   crash) via a crafted binary file, as demonstrated by readelf.
> > 
> > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> > * Fixed in >=sys-devel/binutils-2.31
> > * cherry-picked for the gentoo/binutils-2.30 branch
Comment 7 Andreas K. Hüttel gentoo-dev 2019-04-06 17:22:48 UTC
Removed vulnerabilities are now in bug 682698


> > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > >   GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > >   provided by libiberty, and there are recursive stack frames:
> > > >   demangle_template_value_parm, demangle_integral_value, and
> > > >   demangle_expression.
> > > 
> > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > > No action upstream so far.
> > Ditto
> Ditto


> > > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> > > >   The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > > >   Binutils 2.30, allows remote attackers to cause a denial of service
> > > >   (excessive memory allocation and application crash) via a crafted ELF file,
> > > >   as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> > > >   in libbfd.c. This can occur during execution of nm.
> > > 
> > > https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> > > "fixed with commit 95a6d235661"
> > > * fixed for >=sys-devel/binutils-2.31.1
> > > * cherry-picked for gentoo/binutils-2.30 branch


> > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > >   remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> > > >   OOM). This can occur during execution of cxxfilt.
> > > 
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> > No action yet.
> Ditto


> > > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> > > >   The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD)
> > > >   library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate
> > > >   the output_section pointer in the case of a symtab entry with a "SECTION"
> > > >   type that has a "0" value, which allows remote attackers to cause a denial
> > > >   of service (NULL pointer dereference and application crash) via a crafted
> > > >   file, as demonstrated by objcopy.
> > > 
> > > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch


> > > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> > > >   The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> > > >   Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > > >   Binutils 2.30, processes a negative Data Directory size with an unbounded
> > > >   loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> > > >   that the address exceeds its own memory region, resulting in an
> > > >   out-of-bounds memory write, as demonstrated by objcopy copying private info
> > > >   with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
> > > 
> > > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch


> > > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> > > >   concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka
> > > >   libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> > > >   cause a denial of service (NULL pointer dereference and application crash)
> > > >   via a crafted binary file, as demonstrated by nm-new.
> > > 
> > > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch


> > > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> > > >   process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> > > >   to cause a denial of service (heap-based buffer over-read and application
> > > >   crash) via a crafted binary file, as demonstrated by readelf.
> > > 
> > > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> > > * Fixed in >=sys-devel/binutils-2.31
> > > * cherry-picked for the gentoo/binutils-2.30 branch
Comment 8 Andreas K. Hüttel gentoo-dev 2019-04-06 17:31:23 UTC
Removed vulnerabilities are now in bug 682702


> > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > > >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > > >   GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > > >   provided by libiberty, and there are recursive stack frames:
> > > > >   demangle_template_value_parm, demangle_integral_value, and
> > > > >   demangle_expression.
> > > > 
> > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > > > No action upstream so far.
> > > Ditto
> > Ditto


> > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > > >   remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > > >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> > > > >   OOM). This can occur during execution of cxxfilt.
> > > > 
> > > > Problem is in libiberty.
> > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> > > No action yet.
> > Ditto
Comment 9 Andreas K. Hüttel gentoo-dev 2019-06-29 14:32:10 UTC
> > > > > > CVE-2018-9996 (https://nvd.nist.gov/vuln/detail/CVE-2018-9996):
> > > > > >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > > > >   GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions
> > > > > >   provided by libiberty, and there are recursive stack frames:
> > > > > >   demangle_template_value_parm, demangle_integral_value, and
> > > > > >   demangle_expression.
> > > > > 
> > > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
> > > > > No action upstream so far.
> > > > Ditto
> > > Ditto
Ditto


> > > > > > CVE-2018-12934 (https://nvd.nist.gov/vuln/detail/CVE-2018-12934):
> > > > > >   remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > > > >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> > > > > >   OOM). This can occur during execution of cxxfilt.
> > > > > 
> > > > > Problem is in libiberty.
> > > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
> > > > No action yet.
> > > Ditto
Ditto
Comment 10 Andreas K. Hüttel gentoo-dev 2020-07-31 15:03:03 UTC
No new action.