ID CVE-2018-20657
Summary The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-11-2019 - 01:15)
Impact:
Exploitability:
CWE CWE-772
CAPEC
  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent, which makes the DoS harder to detect. This is the HTTP equivalent of a SYN flood. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait for the attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1664708
title CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment gdb is earlier than 0:8.2-6.el8
          oval oval:com.redhat.rhsa:tst:20193352001
        • comment gdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130522002
      • AND
        • comment gdb-debugsource is earlier than 0:8.2-6.el8
          oval oval:com.redhat.rhsa:tst:20193352003
        • comment gdb-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193352004
      • AND
        • comment gdb-doc is earlier than 0:8.2-6.el8
          oval oval:com.redhat.rhsa:tst:20193352005
        • comment gdb-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193352006
      • AND
        • comment gdb-gdbserver is earlier than 0:8.2-6.el8
          oval oval:com.redhat.rhsa:tst:20193352007
        • comment gdb-gdbserver is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130522004
      • AND
        • comment gdb-headless is earlier than 0:8.2-6.el8
          oval oval:com.redhat.rhsa:tst:20193352009
        • comment gdb-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193352010
rhsa
id RHSA-2019:3352
released 2019-11-05
severity Low
title RHSA-2019:3352: gdb security, bug fix, and enhancement update (Low)
rpms
  • gdb-0:8.2-6.el8
  • gdb-debuginfo-0:8.2-6.el8
  • gdb-debugsource-0:8.2-6.el8
  • gdb-doc-0:8.2-6.el8
  • gdb-gdbserver-0:8.2-6.el8
  • gdb-headless-0:8.2-6.el8
refmap via4
bid 106444
confirm https://support.f5.com/csp/article/K62602089
misc https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
Last major update 06-11-2019 - 01:15
Published 02-01-2019 - 14:29
Last modified 06-11-2019 - 01:15