CVE-2022-27943:

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Proposed patch:
https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
(In reply to John Helmert III from comment #0)
> CVE-2022-27943:
>
> libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in
> demangle_const, as demonstrated by nm-new.
>
> Proposed patch:
> https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html

This needs to be handled upstream first.
Looks like this is committed upstream as 9234cdca6ee88badfc00297e72f13dac4e540c79 but in no releases.
Looks like this is only in releases 13.1 and beyond, but also in our snapshot gcc-13.0.0_pre20220710 and beyond.

~/git/gcc $ git tag --contains 9234cdca6ee88badfc00297e72f13dac4e540c79
basepoints/gcc-14
releases/gcc-13.1.0
releases/gcc-13.2.0
~/git/gcc $ git log --all --grep "Add a recursion limit to the demangle_const function in the Rust demangler."
commit 9234cdca6ee88badfc00297e72f13dac4e540c79
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Jul 1 15:58:52 2022 +0100

    Add a recursion limit to the demangle_const function in the Rust demangler.

    libiberty/
            PR demangler/105039
            * rust-demangle.c (demangle_const): Add recursion limit.
libiberty is a bundled library in GCC, binutils, gdb and it's only exposed in some narrow ways. I don't think this is exploitable at all, hence A->C.