Search CVE reports

1 – 10 of 29 results

Detailed view

Sort by:

CVE-2021-32256

Low priority

Needs evaluation

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

1 affected packages

libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libiberty	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

51 affected packages

binutils, gcc-10, gcc-11, gcc-12, gcc-13...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-10	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-11	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
gcc-12	Not affected	Not affected	Not in release	Ignored	Ignored
gcc-13	Not affected	Not in release	Not in release	Ignored	Ignored
gcc-3.3	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-4.4	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-4.6	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-4.7	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.7-armel-cross	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.7-armhf-cross	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.8	Not in release	Not in release	Not in release	Not affected	Not affected
gcc-4.8-arm64-cross	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.8-armhf-cross	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.8-powerpc-cross	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.8-ppc64el-cross	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-4.9	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-5	Not in release	Not in release	Not in release	Not affected	Not affected
gcc-5-cross	Not in release	Not in release	Not in release	Not affected	Not affected
gcc-6	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-6-cross	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-6-cross-ports	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-7	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-7-cross	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-7-cross-ports	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-8	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-8-cross	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-8-cross-ports	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-9	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-9-cross	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-9-cross-ports	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-arm-linux-androideabi	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-arm-none-eabi	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-avr	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-defaults	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-defaults-arm64-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-armel-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-armhf-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-powerpc-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-ppc64el-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-h8300-hms	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-i686-linux-android	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-m68hc1x	Not in release	Not affected	Not affected	Not affected	Not affected
gcc-mingw-w64	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-msp430	Not in release	Not affected	Not affected	Not affected	Not affected
gcc-opt	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-snapshot	Not affected	Not affected	Not affected	Not affected	Not affected
gccgo-4.9	Not in release	Not in release	Not in release	Not in release	Not in release
gccgo-6	Not in release	Not in release	Not in release	Not in release	Not affected
gdb	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
libiberty	Not affected	Vulnerable	Not affected	Not affected	Not affected

CVE-2022-27943

Low priority

Vulnerable

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

52 affected packages

binutils, crash, gcc-10, gcc-11, gcc-12...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Vulnerable	Not affected	Not affected	Not affected
crash	Not affected	Not affected	Not affected	Not affected	Not affected
gcc-10	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-11	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
gcc-12	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
gcc-13	Not affected	Not in release	Not in release	Not in release	Not in release
gcc-3.3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
gcc-4.4	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-4.6	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-4.7	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.7-armel-cross	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.7-armhf-cross	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.8	Not in release	Not in release	Not in release	Not affected	Not affected
gcc-4.8-arm64-cross	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.8-armhf-cross	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.8-powerpc-cross	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.8-ppc64el-cross	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-4.9	Not in release	Not in release	Not in release	Not in release	Not affected
gcc-5	Not in release	Not in release	Not in release	Not affected	Not affected
gcc-5-cross	Not in release	Not in release	Not in release	Not affected	Not affected
gcc-6	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-6-cross	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-6-cross-ports	Not in release	Not in release	Not in release	Not affected	Not in release
gcc-7	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-7-cross	Not in release	Not in release	Not in release	Needs evaluation	Not in release
gcc-7-cross-ports	Not in release	Not in release	Not in release	Needs evaluation	Not in release
gcc-8	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-8-cross	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
gcc-8-cross-ports	Not in release	Not in release	Not affected	Not affected	Not in release
gcc-9	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-9-cross	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-9-cross-ports	Not affected	Not affected	Not affected	Not in release	Not in release
gcc-arm-linux-androideabi	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-arm-none-eabi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-avr	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-defaults	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-defaults-arm64-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-armel-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-armhf-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-powerpc-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-defaults-ppc64el-cross	Not in release	Not in release	Not in release	Not in release	Not in release
gcc-h8300-hms	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-i686-linux-android	Not in release	Not in release	Not in release	Not in release	Needs evaluation
gcc-m68hc1x	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-mingw-w64	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-msp430	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-opt	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gcc-snapshot	Not affected	Ignored	Ignored	Not affected	Not affected
gccgo-4.9	Not in release	Not in release	Not in release	Not in release	Not in release
gccgo-6	Not in release	Not in release	Not in release	Not in release	Not affected
gdb	Not affected	Vulnerable	Not affected	Not affected	Not affected
libiberty	Not affected	Vulnerable	Not affected	Not affected	Not affected

CVE-2021-3530

Low priority

Vulnerable

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

3 affected packages

binutils, gdb, libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Not affected	Not affected
gdb	Not affected	Vulnerable	Not affected	Not affected	Not affected
libiberty	Not affected	Vulnerable	Not affected	Not affected	Not affected

CVE-2019-14250

Medium priority

Some fixes available 4 of 8

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer...

2 affected packages

binutils, libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Fixed	Fixed
libiberty	Not affected	Not affected	Not affected	Fixed	Fixed

CVE-2019-9071

Low priority

Some fixes available 4 of 9

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

2 affected packages

binutils, libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Fixed	Fixed
libiberty	Not affected	Not affected	Not affected	Fixed	Fixed

CVE-2019-9070

Low priority

Some fixes available 4 of 9

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

2 affected packages

binutils, libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Fixed	Fixed
libiberty	Not affected	Not affected	Not affected	Fixed	Fixed

CVE-2018-20712

Low priority

Vulnerable

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as...

1 affected packages

libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libiberty	Not affected	Not affected	Not affected	Not affected	Vulnerable

CVE-2018-18701

Low priority

Some fixes available 4 of 9

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual()...

2 affected packages

binutils, libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Fixed	Fixed
libiberty	Not affected	Not affected	Not affected	Fixed	Fixed

CVE-2018-18700

Low priority

Some fixes available 4 of 9

2 affected packages

binutils, libiberty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
binutils	Not affected	Not affected	Not affected	Fixed	Fixed
libiberty	Not affected	Not affected	Not affected	Fixed	Fixed

Export to JSON

Results by page: