Bug 2122627 (CVE-2021-3826) - CVE-2021-3826 libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3826
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2132586 2132587 2132588 2132589 2132590 2132591 2132592 2132593 2132594 2132595 2132596 2132597 2132598 2132599 2132600 2132601 2132602 2132603 2149659
Blocks:
Reported: 2022-08-30 13:21 UTC by Pedro Sampaio
Modified: 2024-01-12 19:54 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.
Clone Of:
Environment:
Last Closed: 2023-05-23 16:41:59 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2023:3269 | 0 | None | None | None | 2023-05-23 11:27:12 UTC
Red Hat Product Errata | RHSA-2023:6372 | 0 | None | None | None | 2023-11-07 08:14:50 UTC

Description Pedro Sampaio 2022-08-30 13:21:15 UTC
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

Upstream fix:

https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505

References:

https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html

Comment 1 Patrick Monnerat 2022-08-30 15:44:53 UTC
Thanks for the "heads-up"!
insight was already OK in Fedora>=36.
In F35, insight-13.0.50.20220502-1.fc35 fixes the problem: https://koji.fedoraproject.org/koji/buildinfo?buildID=2055285 currently testing pending.

Comment 2 Fedora Update System 2022-09-08 11:07:05 UTC
FEDORA-2022-8e1df11a7a has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 4 Dhananjay Arunesh 2022-10-06 08:24:59 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2132594]


Created gcc tracking bugs for this issue:

Affects: fedora-all [bug 2132586]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2132595]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2132596]


Created mingw-gcc tracking bugs for this issue:

Affects: fedora-all [bug 2132587]


Created mingw-gdb tracking bugs for this issue:

Affects: fedora-all [bug 2132603]

Comment 7 errata-xmlrpc 2023-05-23 11:27:08 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:3269 https://access.redhat.com/errata/RHSA-2023:3269

Comment 8 Product Security DevOps Team 2023-05-23 16:41:55 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3826

Comment 9 errata-xmlrpc 2023-11-07 08:14:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6372 https://access.redhat.com/errata/RHSA-2023:6372

