Bug 102702 - libiberty: heap/stack buffer overflow when decoding user input
Status: UNCONFIRMED
Alias: None
Product: gcc
Classification: Unclassified
Component: demangler
Version: 11.2.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL: https://gcc.gnu.org/pipermail/gcc-pat...
Keywords: patch
Reported: 2021-10-12 12:52 UTC by Luís Ferreira
Modified: 2021-10-12 19:31 UTC

Description Luís Ferreira 2021-10-12 12:52:49 UTC
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault or crash) via a crafted mangled symbol.

Examples of affected symbols: "_D2FGWG44444444444444444EQe", "_D4c?441_Qe_4DmD_i==========UUUqU", "_D33dddQ_D2HHHHDVV_D33dddQDVVHHDQN188Qr" and "_D8ee2_1111Qe".

A CVE was already assigned by Red Hat: CVE-2021-3826: libiberty: heap/stack buffer overflow in the dlang_lname function in d-demangle.c
Comment 1 Luís Ferreira 2021-10-12 12:54:43 UTC
Submitted patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html