Bug 1192900 - (CVE-2021-37322) VUL-1: CVE-2021-37322: binutils: use-after-free vulnerability in cplus-dem.c.
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Minor
Assigned To: Michael Matz
Security Team bot
https://smash.suse.de/issue/315352/
CVSSv3.1:SUSE:CVE-2021-37322:4.5:(AV:...
Reported: 2021-11-19 16:21 UTC by Thomas Leroy
Modified: 2022-05-09 08:55 UTC
Found By: Security Response Team
Description Thomas Leroy 2021-11-19 16:21:36 UTC
CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via
the component cplus-dem.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37322
http://www.cvedetails.com/cve/CVE-2021-37322/
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
Comment 1 Thomas Leroy 2021-11-19 16:27:55 UTC
Regarding the last comment in the gcc bugzilla entry, it does not seem that this bug will be patched. I am investigating to find if a patch has been provided anyway.
Comment 2 Michael Matz 2021-12-06 16:07:08 UTC
Wow, a CVE entry from 2021 for something that was fixed in 2018 latest.
Please close this, the problematic code for this was removed from binutils
in January 2019:

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=1910070b298052d7ca8e4024891465824588c1e9

the only code stream affected might be sle11, for which we wouldn't consider
any change for this.
Comment 3 Carlos López 2022-05-09 08:52:50 UTC
Closing as WONTFIX. The only codestream affected would be SLE-11-SP1:Update:Teradata, the rest are already fixed as Michael said.