CVE-2018-18484

MEDIUM

GNU libiberty <2.31 - Use After Free

Title source: llm

Description

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.

References (6)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105693

[Exploit, Issue Tracking, Third Party Advisory] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636

[Vendor Advisory] https://usn.ubuntu.com/4326-1/

[Vendor Advisory] https://usn.ubuntu.com/4336-1/

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-674

Status published

Affected Products (1)

gnu/binutils

Timeline

Published Oct 18, 2018

Tracked Since Feb 18, 2026