Bug 1099615 - (CVE-2018-12934) VUL-1: CVE-2018-12934: binutils: remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Michael Matz
Security Team bot
https://smash.suse.de/issue/209139/
CVSSv3:SUSE:CVE-2018-12934:5.5:(AV:L...
Reported: 2018-06-29 05:37 UTC by Marcus Meissner
Modified: 2021-09-14 13:37 UTC

Found By: Security Response Team
Attachments
oom (93 bytes, application/octet-stream)
2018-06-29 05:59 UTC, Marcus Meissner
Description Marcus Meissner 2018-06-29 05:37:02 UTC
CVE-2018-12934

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils
2.30, allows attackers to trigger excessive memory consumption (aka OOM). This
can occur during execution of cxxfilt.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12934
https://sourceware.org/bugzilla/show_bug.cgi?id=23059
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101
Comment 1 Marcus Meissner 2018-06-29 05:59:14 UTC
Created attachment 775647 [details]
oom

QA REPRODUCER:

c++filt < oom

will use lots of memory until killed