CVE-2018-12698
Last modified
CVE-2018-12698 is a vulnerability of currently unknown severity. demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.. EPSS estimates a 6.69% chance of exploitation in the next 30 days.
Description
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | 2.30 |
| Canonical | Ubuntu Linux | 16.04.4 |
References
- http://www.securityfocus.com/bid/104539Third Party Advisory, VDB Entry
- https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102Exploit, Third Party Advisory
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454Exploit, Issue Tracking, Vendor Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=23057Exploit, Issue Tracking, Third Party Advisory
- http://www.securityfocus.com/bid/104539Third Party Advisory, VDB Entry
- https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102Exploit, Third Party Advisory
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454Exploit, Issue Tracking, Vendor Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=23057Exploit, Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12698?
How severe is CVE-2018-12698?
How do I fix CVE-2018-12698?
Are you affected by CVE-2018-12698?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST