CVE Vulnerabilities

CVE-2016-4493

Out-of-bounds Read

Published: Feb 24, 2017 | Modified: Jul 28, 2017
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:N/A:P
RedHat/V3
5.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Ubuntu
LOW

The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

Weakness

The product reads data past the end, or before the beginning, of the intended buffer.

Affected Software

Name Vendor Start Version End Version
Libiberty Gnu * *
Binutils Ubuntu esm-infra/xenial *
Binutils Ubuntu precise *
Binutils Ubuntu precise/esm *
Binutils Ubuntu trusty *
Binutils Ubuntu upstream *
Binutils Ubuntu wily *
Binutils Ubuntu xenial *
Binutils Ubuntu yakkety *
Binutils-h8300-hms Ubuntu artful *
Binutils-h8300-hms Ubuntu bionic *
Binutils-h8300-hms Ubuntu cosmic *
Binutils-h8300-hms Ubuntu devel *
Binutils-h8300-hms Ubuntu disco *
Binutils-h8300-hms Ubuntu eoan *
Binutils-h8300-hms Ubuntu esm-apps/bionic *
Binutils-h8300-hms Ubuntu esm-apps/focal *
Binutils-h8300-hms Ubuntu esm-apps/jammy *
Binutils-h8300-hms Ubuntu esm-apps/noble *
Binutils-h8300-hms Ubuntu esm-apps/xenial *
Binutils-h8300-hms Ubuntu focal *
Binutils-h8300-hms Ubuntu groovy *
Binutils-h8300-hms Ubuntu hirsute *
Binutils-h8300-hms Ubuntu impish *
Binutils-h8300-hms Ubuntu jammy *
Binutils-h8300-hms Ubuntu kinetic *
Binutils-h8300-hms Ubuntu lunar *
Binutils-h8300-hms Ubuntu mantic *
Binutils-h8300-hms Ubuntu noble *
Binutils-h8300-hms Ubuntu precise *
Binutils-h8300-hms Ubuntu trusty *
Binutils-h8300-hms Ubuntu wily *
Binutils-h8300-hms Ubuntu xenial *
Binutils-h8300-hms Ubuntu yakkety *
Binutils-h8300-hms Ubuntu zesty *
Gcc-arm-none-eabi Ubuntu artful *
Gcc-arm-none-eabi Ubuntu bionic *
Gcc-arm-none-eabi Ubuntu cosmic *
Gcc-arm-none-eabi Ubuntu esm-apps/bionic *
Gcc-arm-none-eabi Ubuntu esm-apps/xenial *
Gcc-arm-none-eabi Ubuntu trusty *
Gcc-arm-none-eabi Ubuntu wily *
Gcc-arm-none-eabi Ubuntu xenial *
Gcc-arm-none-eabi Ubuntu yakkety *
Gcc-arm-none-eabi Ubuntu zesty *
Gcc-h8300-hms Ubuntu artful *
Gcc-h8300-hms Ubuntu bionic *
Gcc-h8300-hms Ubuntu cosmic *
Gcc-h8300-hms Ubuntu devel *
Gcc-h8300-hms Ubuntu disco *
Gcc-h8300-hms Ubuntu eoan *
Gcc-h8300-hms Ubuntu esm-apps/bionic *
Gcc-h8300-hms Ubuntu esm-apps/focal *
Gcc-h8300-hms Ubuntu esm-apps/jammy *
Gcc-h8300-hms Ubuntu esm-apps/noble *
Gcc-h8300-hms Ubuntu esm-apps/xenial *
Gcc-h8300-hms Ubuntu focal *
Gcc-h8300-hms Ubuntu groovy *
Gcc-h8300-hms Ubuntu hirsute *
Gcc-h8300-hms Ubuntu impish *
Gcc-h8300-hms Ubuntu jammy *
Gcc-h8300-hms Ubuntu kinetic *
Gcc-h8300-hms Ubuntu lunar *
Gcc-h8300-hms Ubuntu mantic *
Gcc-h8300-hms Ubuntu noble *
Gcc-h8300-hms Ubuntu precise *
Gcc-h8300-hms Ubuntu trusty *
Gcc-h8300-hms Ubuntu wily *
Gcc-h8300-hms Ubuntu xenial *
Gcc-h8300-hms Ubuntu yakkety *
Gcc-h8300-hms Ubuntu zesty *
Gccxml Ubuntu esm-apps/xenial *
Gccxml Ubuntu precise *
Gccxml Ubuntu trusty *
Gccxml Ubuntu wily *
Gccxml Ubuntu xenial *
Gdb Ubuntu esm-infra/xenial *
Gdb Ubuntu precise *
Gdb Ubuntu trusty *
Gdb Ubuntu vivid/stable-phone-overlay *
Gdb Ubuntu vivid/ubuntu-core *
Gdb Ubuntu wily *
Gdb Ubuntu xenial *
Ht Ubuntu artful *
Ht Ubuntu esm-apps/xenial *
Ht Ubuntu precise *
Ht Ubuntu trusty *
Ht Ubuntu wily *
Ht Ubuntu xenial *
Ht Ubuntu yakkety *
Ht Ubuntu zesty *
Libiberty Ubuntu esm-infra/xenial *
Libiberty Ubuntu trusty *
Libiberty Ubuntu wily *
Libiberty Ubuntu xenial *
Libiberty Ubuntu yakkety *
Nescc Ubuntu artful *
Nescc Ubuntu bionic *
Nescc Ubuntu cosmic *
Nescc Ubuntu disco *
Nescc Ubuntu eoan *
Nescc Ubuntu esm-apps/bionic *
Nescc Ubuntu esm-apps/focal *
Nescc Ubuntu esm-apps/jammy *
Nescc Ubuntu esm-apps/xenial *
Nescc Ubuntu focal *
Nescc Ubuntu groovy *
Nescc Ubuntu hirsute *
Nescc Ubuntu impish *
Nescc Ubuntu jammy *
Nescc Ubuntu kinetic *
Nescc Ubuntu lunar *
Nescc Ubuntu mantic *
Nescc Ubuntu trusty *
Nescc Ubuntu wily *
Nescc Ubuntu xenial *
Nescc Ubuntu yakkety *
Nescc Ubuntu zesty *
Sdcc Ubuntu artful *
Sdcc Ubuntu bionic *
Sdcc Ubuntu cosmic *
Sdcc Ubuntu esm-apps/bionic *
Sdcc Ubuntu esm-apps/xenial *
Sdcc Ubuntu precise *
Sdcc Ubuntu trusty *
Sdcc Ubuntu wily *
Sdcc Ubuntu xenial *
Sdcc Ubuntu yakkety *
Sdcc Ubuntu zesty *
Valgrind Ubuntu esm-infra/xenial *
Valgrind Ubuntu precise *
Valgrind Ubuntu trusty *
Valgrind Ubuntu wily *
Valgrind Ubuntu xenial *
Valgrind Ubuntu yakkety *

Potential Mitigations

  • Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.

References