Vulnerability Description
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | Binutils | 2.30 |
| Canonical | Ubuntu Linux | 16.04.4 |
References
- http://www.securityfocus.com/bid/104539 (Third Party Advisory, VDB Entry)
- https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 (Exploit, Third Party Advisory)
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 (Exploit, Issue Tracking, Vendor Advisory)
- https://security.gentoo.org/glsa/201908-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=23057 (Exploit, Issue Tracking, Third Party Advisory)
- https://usn.ubuntu.com/4326-1/
- https://usn.ubuntu.com/4336-1/
FAQ
What is CVE-2018-12698?
CVE-2018-12698 is a vulnerability with a CVSS score of 7.5 (HIGH). demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the te...
How severe is CVE-2018-12698?
CVE-2018-12698 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-12698?
Check the references section above for vendor advisories and patch information. Affected products include: GNU Binutils, Canonical Ubuntu Linux.