102702 – libiberty: heap/stack buffer overflow when decoding user input

Bug 102702 - libiberty: heap/stack buffer overflow when decoding user input

Summary: libiberty: heap/stack buffer overflow when decoding user input

Status:	UNCONFIRMED

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	demangler (show other bugs)
Version:	11.2.0

Importance:	P3 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:	https://gcc.gnu.org/pipermail/gcc-pat...
Keywords:	patch

Depends on:
Blocks:

Reported:	2021-10-12 12:52 UTC by Luís Ferreira
Modified:	2021-10-12 19:31 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luís Ferreira 2021-10-12 12:52:49 UTC

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault or crash) via a crafted mangled symbol.

Example of affected symbols "_D2FGWG44444444444444444EQe", "_D4c?441_Qe_4DmD_i==========UUUqU", "_D33dddQ_D2HHHHDVV_D33dddQDVVHHDQN188Qr" and "_D8ee2_1111Qe".

A CVE was already assigned by Red Hat: CVE-2021-3826: libiberty: heap/stack buffer overflow in the dlang_lname function in d-demangle.c

Comment 1 Luís Ferreira 2021-10-12 12:54:43 UTC

Submitted patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html