CVE-2016-4491 - OpenCVE

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Libiberty

Configuration 1 [-]

cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2016/05/05/5
http://www.securityfocus.com/bid/90016
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
https://nvd.nist.gov/vuln/detail/CVE-2016-4491
https://www.cve.org/CVERecord?id=CVE-2016-4491

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-02-24T20:00:00

Updated: 2024-08-06T00:32:25.393Z

Reserved: 2016-05-05T00:00:00

Link: CVE-2016-4491

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-02-24T20:59:00.517

Modified: 2017-07-28T01:29:01.487

Link: CVE-2016-4491

Redhat

Severity : Low

Publid Date: 2016-05-02T00:00:00Z

Links: CVE-2016-4491 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909"}, {"name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"name": "90016", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90016"}, {"name": "[gcc-patches] 20160502 Fix for PR70909 in Libiberty Demangler (4)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4491", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", "refsource": "CONFIRM", "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909"}, {"name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"name": "90016", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90016"}, {"name": "[gcc-patches] 20160502 Fix for PR70909 in Libiberty Demangler (4)", "refsource": "MLIST", "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:25.393Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909"}, {"name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"name": "90016", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90016"}, {"name": "[gcc-patches] 20160502 Fix for PR70909 in Libiberty Demangler (4)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4491", "datePublished": "2017-02-24T20:00:00", "dateReserved": "2016-05-05T00:00:00", "dateUpdated": "2024-08-06T00:32:25.393Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*", "matchCriteriaId": "531D74B4-D723-4ADB-B38D-0F16F468C9B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\""}, {"lang": "es", "value": "La funci\u00f3n d_print_comp en cp-demangle.c en libiberty permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de segmentaci\u00f3n y ca\u00edda) a trav\u00e9s de un binario manipulado, que desencadena recursi\u00f3n infinita y un desbordamiento de b\u00fafer, relacionado con un nodo que se tiene \"a s\u00ed mismo como ancestro m\u00e1s de una vez\"."}], "id": "CVE-2016-4491", "lastModified": "2017-07-28T01:29:01.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-24T20:59:00.517", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90016"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gcc: Stack overflow due to infinite recursion in d_print_comp", "id": "1333371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333371"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "details": ["The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\""], "name": "CVE-2016-4491", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils220", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-295", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-296", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gcc44", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-295", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-296", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-gcc-44", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4491\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4491\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909"], "threat_severity": "Low"}