What is the vulnerability ID?

The vulnerability ID is CVE-2016-6131.

What is the title of the vulnerability?

The title of the vulnerability is 'The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.'

What is the description of the vulnerability?

The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

What software is affected by this vulnerability?

The following software is affected: libiberty (version 20131116-1ubuntu0.2 and 20160215-1ubuntu0.2), valgrind (version 1:3.10.1-1ubuntu3~14.5, 1:3.11.0-1ubuntu4.2, and 1:3.12.0~), gdb (version 7.7.1-0ubuntu5~14.04.3 and 7.11.1-0ubuntu1~16.5), binutils (version 2.26.1-1ubuntu1~16.04.8+, 2.28, 2.31.1-16, 2.35.2-2, 2.40-2, and 2.41-5), and ht (version 2.1.0+repack1-3 and 2.1.0+repack1-5).

What is the remedy for the vulnerability?

To fix the vulnerability, update the affected software to the following versions: libiberty (20131116-1ubuntu0.2 and 20160215-1ubuntu0.2), valgrind (1:3.10.1-1ubuntu3~14.5, 1:3.11.0-1ubuntu4.2, and 1:3.12.0~), gdb (7.7.1-0ubuntu5~14.04.3 and 7.11.1-0ubuntu1~16.5), binutils (2.26.1-1ubuntu1~16.04.8+ and 2.28), and ht (2.1.0+repack1-3 and 2.1.0+repack1-5).

Vulnerability/
CVE-2016-6131

high

7.5

CWE

7/2/2017

6/8/2024

CVE-2016-6131: Input Validation

First published: Tue Feb 07 2017(Updated: )

Last updated 24 July 2024

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
GNU libiberty
debian/binutils		2.35.2-2 2.40-2 2.43.1-5
debian/ht		2.1.0+repack1-5
debian/libiberty		20210106-1 20230104-1 20240117-1 20241020-1

Remedy

https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2016-6131.
What is the title of the vulnerability?
The title of the vulnerability is 'The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.'
What is the description of the vulnerability?
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
What software is affected by this vulnerability?
The following software is affected: libiberty (version 20131116-1ubuntu0.2 and 20160215-1ubuntu0.2), valgrind (version 1:3.10.1-1ubuntu3~14.5, 1:3.11.0-1ubuntu4.2, and 1:3.12.0~), gdb (version 7.7.1-0ubuntu5~14.04.3 and 7.11.1-0ubuntu1~16.5), binutils (version 2.26.1-1ubuntu1~16.04.8+, 2.28, 2.31.1-16, 2.35.2-2, 2.40-2, and 2.41-5), and ht (version 2.1.0+repack1-3 and 2.1.0+repack1-5).
What is the remedy for the vulnerability?
To fix the vulnerability, update the affected software to the following versions: libiberty (20131116-1ubuntu0.2 and 20160215-1ubuntu0.2), valgrind (1:3.10.1-1ubuntu3~14.5, 1:3.11.0-1ubuntu4.2, and 1:3.12.0~), gdb (7.7.1-0ubuntu5~14.04.3 and 7.11.1-0ubuntu1~16.5), binutils (2.26.1-1ubuntu1~16.04.8+ and 2.28), and ht (2.1.0+repack1-3 and 2.1.0+repack1-5).

collector/nvd-index
collector/launchpad-cve
source/Launchpad
agent/type
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
collector/security-tracker-debian
source/Debian
agent/references
agent/remedy
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/gnu
canonical/gnu libiberty
package-manager/debian