Missing Release of Resource after Effective Lifetime in binutils

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime. The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Remediation

There is no fixed version for binutils.

References

ADVISORY
BID
CONFIRM
MISC
REDHAT

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2018-20657
CWE: CWE-772
Snyk ID: SNYK-UBUNTU1804-BINUTILS-842776
Disclosed: 02 Jan, 2019
Published: 17 Sep, 2020

Missing Release of Resource after Effective Lifetime
Affecting binutils package, versions *

Overview

Remediation

References

CVSS Score

Missing Release of Resource after Effective Lifetime Affecting binutils package, versions *

Overview

Remediation

References

Missing Release of Resource after Effective Lifetime
Affecting binutils package, versions *