First published: Thu Oct 04 2018(Updated: )
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.31 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-17985 is a vulnerability in GNU libiberty, as distributed in GNU Binutils 2.31, that causes a stack consumption problem in certain scenarios involving many 'P' characters.
Users of GNU Binutils 2.31 are affected by CVE-2018-17985.
To fix CVE-2018-17985, upgrade to binutils version 2.35.2-2, 2.40-2, or 2.41-5.
Yes, you can find references for CVE-2018-17985 at the following links: [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335), [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html), [http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html)