CVSS3 | 5.5 Medium |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

CVSS2 | 4.3 Medium |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |

EPSS | 0.001 Low |
---|---|
Percentile | 25.8% |

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in
demangle_const, as demonstrated by nm-new.
Author | Note |
---|---|
sbeattie | gcc-3.3 only provides libstdc++5 |
litios | affected code introduced in gcc-11.1.0 on 2020-11-13 with 84096498a7b (“libiberty: Support the new (“v0”) mangling scheme in rust-demangle”) |
litios | affected code introduced in binutils in d750c713 |
eslerm | fixed in gcc-13.1.0 on 2022-07-01 with 9234cdca6ee ("Add a recursion limit to the demangle_const function in the fixed in binutils-2_39 on 2020-01-31 with f10f8617a30 (“Import patch from mainline GCC to fix an infinite recusion in the Rust demangler.”) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | binutils | < any | UNKNOWN |
ubuntu | 22.04 | noarch | gcc-11 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | gcc-11 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | gcc-11 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | gcc-12 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | gcc-12 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | gcc-12 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | gcc-3.3 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | gcc-4.7 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | gcc-4.7-armel-cross | < any | UNKNOWN |
gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371
gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79
gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead
gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
launchpad.net/bugs/cve/CVE-2022-27943
nvd.nist.gov/vuln/detail/CVE-2022-27943
security-tracker.debian.org/tracker/CVE-2022-27943
www.cve.org/CVERecord?id=CVE-2022-27943