Denial of Service Vulnerability in GNU Libiberty Library
CVE-2016-6131

7.5HIGH

Key Information:

Vendor
Gnu
Status
Libiberty
Vendor
CVE Published:
7 February 2017

Summary

The demangler component of the GNU Libiberty library is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by triggering a cycle in the references of remembered mangled types, leading to an infinite loop, stack overflow, or crashes. It is crucial for system administrators and developers to ensure their systems are not exposing this vulnerability by keeping the library updated and adopting security best practices.

References

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/06/30/4
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/91519
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.