Search CVE reports


Toggle filters

1 – 10 of 29 results


CVE-2021-32256

Low priority
Needs evaluation

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

1 affected packages

libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libiberty Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3826

Low priority
Vulnerable

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

51 affected packages

binutils, gcc-10, gcc-11, gcc-12, gcc-13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Not affected Not affected
gcc-10 Not affected Not affected Not affected Not in release Not in release
gcc-11 Vulnerable Vulnerable Not in release Not in release Not in release
gcc-12 Not affected Not affected Not in release Ignored Ignored
gcc-13 Not affected Not in release Not in release Ignored Ignored
gcc-3.3 Not affected Not affected Not affected Not affected Not affected
gcc-4.4 Not in release Not in release Not in release Not in release Not in release
gcc-4.6 Not in release Not in release Not in release Not in release Not in release
gcc-4.7 Not in release Not in release Not in release Not in release Not affected
gcc-4.7-armel-cross Not in release Not in release Not in release Not in release Not affected
gcc-4.7-armhf-cross Not in release Not in release Not in release Not in release Not affected
gcc-4.8 Not in release Not in release Not in release Not affected Not affected
gcc-4.8-arm64-cross Not in release Not in release Not in release Not in release Not affected
gcc-4.8-armhf-cross Not in release Not in release Not in release Not in release Not affected
gcc-4.8-powerpc-cross Not in release Not in release Not in release Not in release Not affected
gcc-4.8-ppc64el-cross Not in release Not in release Not in release Not in release Not affected
gcc-4.9 Not in release Not in release Not in release Not in release Not affected
gcc-5 Not in release Not in release Not in release Not affected Not affected
gcc-5-cross Not in release Not in release Not in release Not affected Not affected
gcc-6 Not in release Not in release Not in release Not affected Not in release
gcc-6-cross Not in release Not in release Not in release Not affected Not in release
gcc-6-cross-ports Not in release Not in release Not in release Not affected Not in release
gcc-7 Not in release Not in release Not affected Not affected Not in release
gcc-7-cross Not in release Not in release Not in release Not affected Not in release
gcc-7-cross-ports Not in release Not in release Not in release Not affected Not in release
gcc-8 Not in release Not in release Not affected Not affected Not in release
gcc-8-cross Not in release Not in release Not affected Not affected Not in release
gcc-8-cross-ports Not in release Not in release Not affected Not affected Not in release
gcc-9 Not affected Not affected Not affected Not in release Not in release
gcc-9-cross Not affected Not affected Not affected Not in release Not in release
gcc-9-cross-ports Not affected Not affected Not affected Not in release Not in release
gcc-arm-linux-androideabi Not in release Not in release Not in release Not in release Not affected
gcc-arm-none-eabi Not affected Not affected Not affected Not affected Not affected
gcc-avr Not affected Not affected Not affected Not affected Not affected
gcc-defaults Not affected Not affected Not affected Not affected Not affected
gcc-defaults-arm64-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armel-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armhf-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-powerpc-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-ppc64el-cross Not in release Not in release Not in release Not in release Not in release
gcc-h8300-hms Not affected Not affected Not affected Not affected Not affected
gcc-i686-linux-android Not in release Not in release Not in release Not in release Not affected
gcc-m68hc1x Not in release Not affected Not affected Not affected Not affected
gcc-mingw-w64 Not affected Not affected Not affected Not affected Not affected
gcc-msp430 Not in release Not affected Not affected Not affected Not affected
gcc-opt Not affected Not affected Not affected Not affected Not affected
gcc-snapshot Not affected Not affected Not affected Not affected Not affected
gccgo-4.9 Not in release Not in release Not in release Not in release Not in release
gccgo-6 Not in release Not in release Not in release Not in release Not affected
gdb Not affected Not affected Not affected Needs evaluation Needs evaluation
libiberty Not affected Vulnerable Not affected Not affected Not affected
Show all 51 packages Show less packages

CVE-2022-27943

Low priority
Vulnerable

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

52 affected packages

binutils, crash, gcc-10, gcc-11, gcc-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Vulnerable Not affected Not affected Not affected
crash Not affected Not affected Not affected Not affected Not affected
gcc-10 Not affected Not affected Not affected Not in release Not in release
gcc-11 Vulnerable Vulnerable Not in release Not in release Not in release
gcc-12 Vulnerable Vulnerable Not in release Not in release Not in release
gcc-13 Not affected Not in release Not in release Not in release Not in release
gcc-3.3 Not affected Not affected Not affected Not affected Needs evaluation
gcc-4.4 Not in release Not in release Not in release Not in release Not in release
gcc-4.6 Not in release Not in release Not in release Not in release Not in release
gcc-4.7 Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.7-armel-cross Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.7-armhf-cross Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.8 Not in release Not in release Not in release Not affected Not affected
gcc-4.8-arm64-cross Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.8-armhf-cross Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.8-powerpc-cross Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.8-ppc64el-cross Not in release Not in release Not in release Not in release Needs evaluation
gcc-4.9 Not in release Not in release Not in release Not in release Not affected
gcc-5 Not in release Not in release Not in release Not affected Not affected
gcc-5-cross Not in release Not in release Not in release Not affected Not affected
gcc-6 Not in release Not in release Not in release Not affected Not in release
gcc-6-cross Not in release Not in release Not in release Not affected Not in release
gcc-6-cross-ports Not in release Not in release Not in release Not affected Not in release
gcc-7 Not in release Not in release Not affected Not affected Not in release
gcc-7-cross Not in release Not in release Not in release Needs evaluation Not in release
gcc-7-cross-ports Not in release Not in release Not in release Needs evaluation Not in release
gcc-8 Not in release Not in release Not affected Not affected Not in release
gcc-8-cross Not in release Not in release Needs evaluation Needs evaluation Not in release
gcc-8-cross-ports Not in release Not in release Not affected Not affected Not in release
gcc-9 Not affected Not affected Not affected Not in release Not in release
gcc-9-cross Not affected Not affected Not affected Not in release Not in release
gcc-9-cross-ports Not affected Not affected Not affected Not in release Not in release
gcc-arm-linux-androideabi Not in release Not in release Not in release Not in release Needs evaluation
gcc-arm-none-eabi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-avr Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-defaults Not affected Not affected Not affected Not affected Not affected
gcc-defaults-arm64-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armel-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armhf-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-powerpc-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-ppc64el-cross Not in release Not in release Not in release Not in release Not in release
gcc-h8300-hms Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-i686-linux-android Not in release Not in release Not in release Not in release Needs evaluation
gcc-m68hc1x Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-mingw-w64 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-msp430 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-opt Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gcc-snapshot Not affected Ignored Ignored Not affected Not affected
gccgo-4.9 Not in release Not in release Not in release Not in release Not in release
gccgo-6 Not in release Not in release Not in release Not in release Not affected
gdb Not affected Vulnerable Not affected Not affected Not affected
libiberty Not affected Vulnerable Not affected Not affected Not affected
Show all 52 packages Show less packages

CVE-2021-3530

Low priority

Some fixes available 1 of 6

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

3 affected packages

binutils, gdb, libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Not affected Not affected
gdb Not affected Fixed Not affected Not affected Not affected
libiberty Not affected Vulnerable Not affected Not affected Not affected
Show less packages

CVE-2019-14250

Medium priority

Some fixes available 4 of 8

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer...

2 affected packages

binutils, libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Fixed Fixed
libiberty Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-9071

Low priority

Some fixes available 4 of 9

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

2 affected packages

binutils, libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Fixed Fixed
libiberty Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-9070

Low priority

Some fixes available 4 of 9

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

2 affected packages

binutils, libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Fixed Fixed
libiberty Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-20712

Low priority
Vulnerable

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as...

1 affected packages

libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libiberty Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2018-18701

Low priority

Some fixes available 4 of 9

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual()...

2 affected packages

binutils, libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Fixed Fixed
libiberty Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-18700

Low priority

Some fixes available 4 of 9

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(),...

2 affected packages

binutils, libiberty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
binutils Not affected Not affected Not affected Fixed Fixed
libiberty Not affected Not affected Not affected Fixed Fixed
Show less packages