Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 836239 (CVE-2022-27943) - sys-devel/gcc: stack overflow in libiberty rust-demangle
Summary: sys-devel/gcc: stack overflow in libiberty rust-demangle
Status: CONFIRMED
Alias: CVE-2022-27943
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://gcc.gnu.org/bugzilla/show_bug...
Whiteboard: A3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-27 01:01 UTC by John Helmert III
Modified: 2022-08-14 19:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-27 01:01:54 UTC
CVE-2022-27943:

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Proposed patch: https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2022-04-25 22:28:18 UTC
(In reply to John Helmert III from comment #0)
> CVE-2022-27943:
> 
> libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in
> demangle_const, as demonstrated by nm-new.
> 
> Proposed patch:
> https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html

This needs to be handled upstream first.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 19:35:16 UTC
Looks like this is committed upstream as 9234cdca6ee88badfc00297e72f13dac4e540c79 but in no releases.