First published: Sat Oct 27 2018(Updated: )
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.31 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-18701 is a stack consumption vulnerability in GNU libiberty, as distributed in GNU Binutils 2.31.
CVE-2018-18701 allows remote attackers to cause a denial of service (DoS) by leveraging the vulnerability.
Versions 2.26.1-1ubuntu1~16.04.8+ and 2.30-21ubuntu1~18.04.3 of binutils, and versions 20170913-1ubuntu0.1, 20190122-1, and 20160215-1ubuntu0.3 of libiberty are affected by CVE-2018-18701.
To fix CVE-2018-18701, update to the patched versions of binutils and libiberty.
You can find more information about CVE-2018-18701 at the following references: [link1], [link2], [link3].