Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2021-46195

Uncontrolled Recursion

Published: Jan 14, 2022 | Modified: Jan 22, 2022
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-46195
CWEhttps://cwe.mitre.org/data/definitions/674.html

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Gcc Gnu 12.0 (including) 12.0 (including)
Red Hat Enterprise Linux 9 RedHat mingw-gcc-0:12.0.1-11.2.el9 *
Gcc-10 Ubuntu hirsute *
Gcc-10 Ubuntu impish *
Gcc-11 Ubuntu devel *
Gcc-11 Ubuntu esm-apps/noble *
Gcc-11 Ubuntu hirsute *
Gcc-11 Ubuntu impish *
Gcc-11 Ubuntu jammy *
Gcc-11 Ubuntu kinetic *
Gcc-11 Ubuntu lunar *
Gcc-11 Ubuntu mantic *
Gcc-11 Ubuntu noble *
Gcc-11 Ubuntu oracular *
Gcc-11 Ubuntu upstream *
Gcc-12 Ubuntu bionic *
Gcc-12 Ubuntu trusty *
Gcc-12 Ubuntu upstream *
Gcc-12 Ubuntu xenial *
Gcc-13 Ubuntu bionic *
Gcc-13 Ubuntu trusty *
Gcc-13 Ubuntu xenial *
Gcc-3.3 Ubuntu hirsute *
Gcc-3.3 Ubuntu kinetic *
Gcc-3.3 Ubuntu trusty *
Gcc-3.3 Ubuntu xenial *
Gcc-4.4 Ubuntu trusty *
Gcc-4.6 Ubuntu trusty *
Gcc-4.7 Ubuntu trusty *
Gcc-4.7 Ubuntu xenial *
Gcc-4.7-armel-cross Ubuntu trusty *
Gcc-4.7-armel-cross Ubuntu xenial *
Gcc-4.7-armhf-cross Ubuntu trusty *
Gcc-4.7-armhf-cross Ubuntu xenial *
Gcc-4.8 Ubuntu trusty *
Gcc-4.8 Ubuntu xenial *
Gcc-4.8-arm64-cross Ubuntu trusty *
Gcc-4.8-arm64-cross Ubuntu xenial *
Gcc-4.8-armhf-cross Ubuntu trusty *
Gcc-4.8-armhf-cross Ubuntu xenial *
Gcc-4.8-powerpc-cross Ubuntu trusty *
Gcc-4.8-powerpc-cross Ubuntu xenial *
Gcc-4.8-ppc64el-cross Ubuntu trusty *
Gcc-4.8-ppc64el-cross Ubuntu xenial *
Gcc-4.9 Ubuntu xenial *
Gcc-5 Ubuntu xenial *
Gcc-5-cross Ubuntu bionic *
Gcc-5-cross Ubuntu xenial *
Gcc-7 Ubuntu bionic *
Gcc-7 Ubuntu hirsute *
Gcc-7-cross Ubuntu bionic *
Gcc-7-cross-ports Ubuntu bionic *
Gcc-8 Ubuntu bionic *
Gcc-8 Ubuntu hirsute *
Gcc-8 Ubuntu impish *
Gcc-8-cross Ubuntu bionic *
Gcc-8-cross Ubuntu hirsute *
Gcc-8-cross-ports Ubuntu bionic *
Gcc-8-cross-ports Ubuntu hirsute *
Gcc-9 Ubuntu hirsute *
Gcc-9 Ubuntu impish *
Gcc-9-cross Ubuntu hirsute *
Gcc-9-cross Ubuntu impish *
Gcc-9-cross Ubuntu kinetic *
Gcc-9-cross-ports Ubuntu hirsute *
Gcc-9-cross-ports Ubuntu impish *
Gcc-9-cross-ports Ubuntu kinetic *
Gcc-arm-linux-androideabi Ubuntu trusty *
Gcc-arm-linux-androideabi Ubuntu xenial *
Gcc-arm-none-eabi Ubuntu bionic *
Gcc-arm-none-eabi Ubuntu hirsute *
Gcc-arm-none-eabi Ubuntu impish *
Gcc-arm-none-eabi Ubuntu kinetic *
Gcc-arm-none-eabi Ubuntu trusty *
Gcc-arm-none-eabi Ubuntu xenial *
Gcc-avr Ubuntu bionic *
Gcc-avr Ubuntu hirsute *
Gcc-avr Ubuntu impish *
Gcc-avr Ubuntu kinetic *
Gcc-avr Ubuntu trusty *
Gcc-avr Ubuntu xenial *
Gcc-defaults Ubuntu bionic *
Gcc-defaults Ubuntu hirsute *
Gcc-defaults Ubuntu impish *
Gcc-defaults Ubuntu kinetic *
Gcc-defaults Ubuntu trusty *
Gcc-defaults Ubuntu xenial *
Gcc-defaults-arm64-cross Ubuntu trusty *
Gcc-defaults-armel-cross Ubuntu trusty *
Gcc-defaults-armhf-cross Ubuntu trusty *
Gcc-defaults-powerpc-cross Ubuntu trusty *
Gcc-defaults-ppc64el-cross Ubuntu trusty *
Gcc-h8300-hms Ubuntu bionic *
Gcc-h8300-hms Ubuntu hirsute *
Gcc-h8300-hms Ubuntu impish *
Gcc-h8300-hms Ubuntu kinetic *
Gcc-h8300-hms Ubuntu trusty *
Gcc-h8300-hms Ubuntu xenial *
Gcc-i686-linux-android Ubuntu trusty *
Gcc-i686-linux-android Ubuntu xenial *
Gcc-m68hc1x Ubuntu bionic *
Gcc-m68hc1x Ubuntu hirsute *
Gcc-m68hc1x Ubuntu impish *
Gcc-m68hc1x Ubuntu kinetic *
Gcc-m68hc1x Ubuntu trusty *
Gcc-m68hc1x Ubuntu xenial *
Gcc-mingw-w64 Ubuntu bionic *
Gcc-mingw-w64 Ubuntu hirsute *
Gcc-mingw-w64 Ubuntu impish *
Gcc-mingw-w64 Ubuntu jammy *
Gcc-mingw-w64 Ubuntu kinetic *
Gcc-mingw-w64 Ubuntu trusty *
Gcc-mingw-w64 Ubuntu xenial *
Gcc-msp430 Ubuntu bionic *
Gcc-msp430 Ubuntu hirsute *
Gcc-msp430 Ubuntu impish *
Gcc-msp430 Ubuntu kinetic *
Gcc-msp430 Ubuntu trusty *
Gcc-msp430 Ubuntu xenial *
Gcc-opt Ubuntu bionic *
Gcc-opt Ubuntu hirsute *
Gcc-opt Ubuntu impish *
Gcc-opt Ubuntu kinetic *
Gcc-opt Ubuntu trusty *
Gcc-opt Ubuntu xenial *
Gcc-snapshot Ubuntu bionic *
Gcc-snapshot Ubuntu hirsute *
Gcc-snapshot Ubuntu impish *
Gcc-snapshot Ubuntu kinetic *
Gcc-snapshot Ubuntu trusty *
Gcc-snapshot Ubuntu xenial *
Gccgo-4.9 Ubuntu trusty *
Gccgo-6 Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use