A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.
Out-of-bounds Read
NULL Pointer Dereference
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/binutils | deb | debian | 12 | >=2.40-2 | Not yet available |
| debian/binutils | deb | debian | 13 | >=2.42-4 | Not yet available |
| debian/binutils | deb | debian | 10 | >=2.31.1-16 | Not yet available |
| debian/binutils | deb | debian | unstable | >=2.42-4 | Not yet available |
| debian/binutils | deb | debian | 11 | >=2.35.2-2 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.8
-
2.8
1.0
-
-