GCC v12.0 was discovered to contain an uncontrolled recursion via the
component libiberty/rust-demangle.c. This vulnerability allows attackers to
cause a Denial of Service (DoS) by consuming excessive CPU and memory
resources.
Author | Note |
---|---|
sbeattie | gcc-3.3 only provides libstdc++5; gcc-msp430 is based on gcc-4.6.3; gcc-m68hc1x is based on gcc-3.3.6; gcc-h8300-hms is based on gcc-3.4.6 |
sbeattie | gcc-i686-linux-android and gcc-arm-linux-androideabi are based on gcc-4.7 |
litios | affected function introduced in gcc-11 |
mdeslaur | This is the same CVE as CVE-2021-3530, but applied to GCC |
eslerm | libiberty and binutils tracked as CVE-2021-3530 |
eslerm | affected function, demangler_path, introduced on 2020-11-13 in 11.1.0 with 84096498a7b (“libiberty: Support the new (“v0”) mangling scheme in rust-demangle”) |
mdeslaur | GCC fix on 2022-01-31 in 12.1.0 with f10bec5ffa4 (“libiberty: Fix infinite recursion in rust demangler.”) |
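
The failure mode in the description, and a common mitigation of bounding recursion depth, shown on a toy back-reference grammar. This is an added example, not libiberty's code and not the upstream fix; the grammar, `demangle`, `parse_path` and `MAX_DEPTH` are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#define MAX_DEPTH 64            /* assumed limit for this toy parser */

struct dm {
    const char *in; size_t len; /* mangled input and its length */
    char out[128];              /* demangled output so far */
    size_t out_len;
    int depth, failed;          /* back-reference nesting, error flag */
};

/* Toy grammar (constructed): a path is one lowercase letter, or "B<d>",
   a back-reference to the path that starts at input offset <d>. */
static size_t parse_path(struct dm *d, size_t pos)
{
    if (d->failed || pos >= d->len) {
        d->failed = 1;
        return pos;
    }
    char c = d->in[pos];
    if (c >= 'a' && c <= 'z' && d->out_len + 1 < sizeof d->out) {
        d->out[d->out_len++] = c;
        return pos + 1;
    }
    if (c == 'B' && pos + 1 < d->len
        && d->in[pos + 1] >= '0' && d->in[pos + 1] <= '9'
        && ++d->depth <= MAX_DEPTH) {
        /* Depth guard above: without it "B0" re-enters itself forever. */
        parse_path(d, (size_t)(d->in[pos + 1] - '0'));
        d->depth--;
        return pos + 2;
    }
    d->failed = 1;              /* malformed, output full, or too deep */
    return pos;
}

/* Returns 0 and fills out on success, -1 on rejected input. */
int demangle(const char *in, char *out, size_t out_size)
{
    struct dm d = { .in = in, .len = strlen(in) };
    size_t pos = 0;
    while (!d.failed && pos < d.len)
        pos = parse_path(&d, pos);
    if (d.failed || d.out_len + 1 > out_size)
        return -1;
    memcpy(out, d.out, d.out_len);
    out[d.out_len] = '\0';
    return 0;
}
```

The guard turns self-referencing and mutually referencing input into a clean parse error, with stack use bounded by `MAX_DEPTH` frames regardless of input.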