Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 652060 (CVE-2018-9138) - sys-devel/binutils: Stack Exhaustion
Summary: sys-devel/binutils: Stack Exhaustion
Status: RESOLVED INVALID
Alias: CVE-2018-9138
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-31 02:13 UTC by Michael Boyle
Modified: 2018-11-30 23:55 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Boyle 2018-03-31 02:13:19 UTC
CVE-2018-9138:

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.
Comment 1 Andreas K. Hüttel gentoo-dev 2018-04-29 19:38:09 UTC
(In reply to Michael Boyle from comment #0)
> CVE-2018-9138:
> 
> An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the the C++
> demangling functions provided by libiberty, and there are recursive stack
> frames: demangle_nested_args, demangle_args, do_arg, and do_type.

Still under debate upstream whether this is real, no fix committed
Comment 2 Andreas K. Hüttel gentoo-dev 2018-11-30 23:09:56 UTC
Upstream conclusion seems to be "working as expected"
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-11-30 23:55:05 UTC
(In reply to Andreas K. Hüttel from comment #2)
> Upstream conclusion seems to be "working as expected"

Agree.