CLSA-2026-1779218750 gcc: Fix of 2 CVEs

CVE-2021-3826: fix buffer overflow in dlanglname function to prevent denial of service - CVE-2021-46195: fix infinite recursion in rust demangler to prevent denial of service...

MiracleLinux 9 : gdb-10.2-11.el9 (AXSA:2023-6781:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6781:02 advisory. libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 Tenable has extracted the preceding description block directly...

GNU BinUtils 安全漏洞

GNU BinUtils is a collection of programming tools for working with binary files from the US GNU community. A security vulnerability exists in GNU BinUtils version 2.26, which stems from the improper handling of specially crafted PE files by the dunqualifiedname function in the cp-demangle.c file,...

EUVD-2017-5233

Malware in sbrugna...

EUVD-2016-7065

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-6131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of...

CVE-2023-40022

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

SUSE CVE-2016-6131

The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of remembered mangled types...

SUSE CVE-2017-13716

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted file, as demonstrated by a call from the Binary File Descriptor BFD library aka...

SUSE CVE-2018-9138

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglenestedargs, demangleargs, doarg, and dotype...

ALPINE-CVE-2018-20712

A heap-based buffer over-read exists in the function dexpression1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt...

llvm/llvm-microsoft-demangle-fuzzer: Global-buffer-overflow in llvm::ms_demangle::Demangler::demangleFunctionIdentifierCode

Project: https://github.com/llvm/llvm-project.git Detailed report: https://oss-fuzz.com/testcase?key=5696128606011392 Project: llvm Fuzzer: libFuzzerllvmllvm-microsoft-demangle-fuzzer Fuzz target binary: llvm-microsoft-demangle-fuzzer Job Type: libfuzzerasanllvm Platform Id: linux Crash Type:...

DEBIAN-CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplusdemangletype, dbarefunctiontype,...

UBUNTU-CVE-2018-12641

An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...

CVE-2017-13716

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted file, as demonstrated by a call from the Binary File Descriptor BFD library aka...

GNU Binutils C++ symbol demangler routine denial of service vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for working with target files and archives. libiberty is one of the librarie...

CVE-2017-13716

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted file, as demonstrated by a call from the Binary File Descriptor BFD library aka...