Description
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
References (7)
Core 7
Core References
Exploit, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=23057
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104539
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201908-01
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4326-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4336-1/
Scores
CVSS v3
7.5
EPSS
0.0204
EPSS Percentile
84.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (2)
canonical/ubuntu_linux
16.04.4
gnu/binutils
2.30
Published
Jun 23, 2018
Tracked Since
Feb 18, 2026