CVE-2016-4493 - OpenCVE

The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Libiberty

Configuration 1 [-]

cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2016/05/05/5
http://www.securityfocus.com/bid/90014
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html
https://nvd.nist.gov/vuln/detail/CVE-2016-4493
https://www.cve.org/CVERecord?id=CVE-2016-4493

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-02-24T20:00:00

Updated: 2024-08-06T00:32:25.632Z

Reserved: 2016-05-05T00:00:00

Link: CVE-2016-4493

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-02-24T20:59:00.597

Modified: 2017-07-28T01:29:01.580

Link: CVE-2016-4493

Redhat

Severity : Low

Publid Date: 2016-05-03T00:00:00Z

Links: CVE-2016-4493 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-03T00:00:00", "descriptions": [{"lang": "en", "value": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[gcc-patches] 20160503 Fix for PR70926 in Libiberty Demangler (5)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"}, {"name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926"}, {"name": "90014", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90014"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4493", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[gcc-patches] 20160503 Fix for PR70926 in Libiberty Demangler (5)", "refsource": "MLIST", "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"}, {"name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", "refsource": "CONFIRM", "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926"}, {"name": "90014", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90014"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:25.632Z"}, "title": "CVE Program Container", "references": [{"name": "[gcc-patches] 20160503 Fix for PR70926 in Libiberty Demangler (5)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"}, {"name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926"}, {"name": "90014", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90014"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4493", "datePublished": "2017-02-24T20:00:00", "dateReserved": "2016-05-05T00:00:00", "dateUpdated": "2024-08-06T00:32:25.632Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*", "matchCriteriaId": "531D74B4-D723-4ADB-B38D-0F16F468C9B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary."}, {"lang": "es", "value": "Las funciones demangle_template_value_parm y do_hpacc_template_literal en cplus-dem.c en libiberty permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de un binario manipulado."}], "id": "CVE-2016-4493", "lastModified": "2017-07-28T01:29:01.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-24T20:59:00.597", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90014"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gcc: Read access violations", "id": "1333383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333383"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary."], "name": "CVE-2016-4493", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "binutils220", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-295", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-296", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gcc44", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-295", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-296", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-gcc-32", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-gcc-34", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-gcc-44", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gcc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4493\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4493\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}