Bugzilla – Bug 1192900
VUL-1: CVE-2021-37322: binutils: use-after-free vulnerability in cplus-dem.c.
Last modified: 2022-05-09 08:55:27 UTC
CVE-2021-37322 GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37322 http://www.cvedetails.com/cve/CVE-2021-37322/ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
Regarding the last comment in the gcc bugzilla entry, it does not seem that this bug will be patched. I am investigating to find if a patch has been provided anyway.
Wow, a CVE entry from 2021 for something that was fixed in 2018 latest. Please close this, the problematic code for this was removed from binutils in January 2019: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=1910070b298052d7ca8e4024891465824588c1e9 the only code stream affected might be sle11, for which we wouldn't consider any change for this.
Closing as WONTFIX. The only codestream affected would be SLE-11-SP1:Update:Teradata, the rest are already fixed as Michael said.