Integer Overflow Vulnerability in Libiberty Affects GCC
CVE-2016-4490

5.5MEDIUM

Key Information:

Vendor
Gnu
Status
Libiberty
Vendor
CVE Published:
24 February 2017

Summary

An integer overflow vulnerability in the cp-demangle.c file of the libiberty component of GCC can be exploited by remote attackers. By crafting a specific binary, an attacker can trigger a denial of service condition, leading to segmentation faults and crashes. This issue arises from inconsistent handling of type lengths, particularly between long and int types, which may lead to serious instability and service disruption when analyzing untrusted binaries.

References

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/05/05/5
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/90019
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.