CVE-2018-12698
7.5 HIGH (CVSS 3.1), EPSS 2.0%
Description
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
How to fix CVE-2018-12698
To remediate CVE-2018-12698, upgrade the affected package to a fixed version below.
- Debian/binutils—upgrade to 2.32.51.20190707-1 or later
Is CVE-2018-12698 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/binutils: from 0, < 2.32.51.20190707-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |