#VU69349 Uncontrolled Recursion in Gnu Compiler Collection
Vulnerability identifier: #VU69349
Vulnerability risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-674
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Gnu Compiler Collection
Client/Desktop applications /
Software for system administration
Vendor: GNU
Description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in the libiberty/rust-demangle.c component. An attacker with ability to pass specially crafted input to the GCC application can consume excessive CPU and memory resources and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Gnu Compiler Collection: 12.0.0
External links
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
