Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-27943

Uncontrolled Recursion

Published: Mar 26, 2022 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.5 LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-27943
CWEhttps://cwe.mitre.org/data/definitions/674.html

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Gcc Gnu 11.2 (including) 11.2 (including)
Binutils Ubuntu jammy *
Binutils Ubuntu trusty *
Binutils Ubuntu xenial *
Crash Ubuntu bionic *
Crash Ubuntu trusty *
Crash Ubuntu xenial *
Gcc-10 Ubuntu impish *
Gcc-11 Ubuntu devel *
Gcc-11 Ubuntu esm-apps/noble *
Gcc-11 Ubuntu impish *
Gcc-11 Ubuntu jammy *
Gcc-11 Ubuntu kinetic *
Gcc-11 Ubuntu lunar *
Gcc-11 Ubuntu mantic *
Gcc-11 Ubuntu noble *
Gcc-11 Ubuntu oracular *
Gcc-12 Ubuntu devel *
Gcc-12 Ubuntu esm-apps/noble *
Gcc-12 Ubuntu jammy *
Gcc-12 Ubuntu lunar *
Gcc-12 Ubuntu mantic *
Gcc-12 Ubuntu noble *
Gcc-12 Ubuntu oracular *
Gcc-3.3 Ubuntu kinetic *
Gcc-3.3 Ubuntu trusty *
Gcc-3.3 Ubuntu xenial *
Gcc-4.4 Ubuntu trusty *
Gcc-4.6 Ubuntu trusty *
Gcc-4.7 Ubuntu trusty *
Gcc-4.7 Ubuntu xenial *
Gcc-4.7-armel-cross Ubuntu trusty *
Gcc-4.7-armel-cross Ubuntu xenial *
Gcc-4.7-armhf-cross Ubuntu trusty *
Gcc-4.7-armhf-cross Ubuntu xenial *
Gcc-4.8 Ubuntu trusty *
Gcc-4.8 Ubuntu xenial *
Gcc-4.8-arm64-cross Ubuntu trusty *
Gcc-4.8-arm64-cross Ubuntu xenial *
Gcc-4.8-armhf-cross Ubuntu trusty *
Gcc-4.8-armhf-cross Ubuntu xenial *
Gcc-4.8-powerpc-cross Ubuntu trusty *
Gcc-4.8-powerpc-cross Ubuntu xenial *
Gcc-4.8-ppc64el-cross Ubuntu trusty *
Gcc-4.8-ppc64el-cross Ubuntu xenial *
Gcc-4.9 Ubuntu xenial *
Gcc-5 Ubuntu xenial *
Gcc-5-cross Ubuntu xenial *
Gcc-7 Ubuntu bionic *
Gcc-7-cross Ubuntu bionic *
Gcc-7-cross-ports Ubuntu bionic *
Gcc-8 Ubuntu bionic *
Gcc-8 Ubuntu impish *
Gcc-8-cross Ubuntu bionic *
Gcc-8-cross-ports Ubuntu bionic *
Gcc-9 Ubuntu impish *
Gcc-9-cross Ubuntu impish *
Gcc-9-cross Ubuntu kinetic *
Gcc-9-cross-ports Ubuntu impish *
Gcc-9-cross-ports Ubuntu kinetic *
Gcc-arm-linux-androideabi Ubuntu trusty *
Gcc-arm-linux-androideabi Ubuntu xenial *
Gcc-arm-none-eabi Ubuntu bionic *
Gcc-arm-none-eabi Ubuntu impish *
Gcc-arm-none-eabi Ubuntu kinetic *
Gcc-arm-none-eabi Ubuntu lunar *
Gcc-arm-none-eabi Ubuntu mantic *
Gcc-arm-none-eabi Ubuntu trusty *
Gcc-arm-none-eabi Ubuntu xenial *
Gcc-avr Ubuntu bionic *
Gcc-avr Ubuntu impish *
Gcc-avr Ubuntu kinetic *
Gcc-avr Ubuntu lunar *
Gcc-avr Ubuntu mantic *
Gcc-avr Ubuntu trusty *
Gcc-avr Ubuntu xenial *
Gcc-defaults Ubuntu bionic *
Gcc-defaults Ubuntu impish *
Gcc-defaults Ubuntu kinetic *
Gcc-defaults Ubuntu lunar *
Gcc-defaults Ubuntu mantic *
Gcc-defaults-arm64-cross Ubuntu trusty *
Gcc-defaults-armel-cross Ubuntu trusty *
Gcc-defaults-armhf-cross Ubuntu trusty *
Gcc-defaults-powerpc-cross Ubuntu trusty *
Gcc-defaults-ppc64el-cross Ubuntu trusty *
Gcc-h8300-hms Ubuntu bionic *
Gcc-h8300-hms Ubuntu impish *
Gcc-h8300-hms Ubuntu kinetic *
Gcc-h8300-hms Ubuntu lunar *
Gcc-h8300-hms Ubuntu mantic *
Gcc-h8300-hms Ubuntu trusty *
Gcc-h8300-hms Ubuntu xenial *
Gcc-i686-linux-android Ubuntu trusty *
Gcc-i686-linux-android Ubuntu xenial *
Gcc-m68hc1x Ubuntu bionic *
Gcc-m68hc1x Ubuntu impish *
Gcc-m68hc1x Ubuntu kinetic *
Gcc-m68hc1x Ubuntu trusty *
Gcc-m68hc1x Ubuntu xenial *
Gcc-mingw-w64 Ubuntu bionic *
Gcc-mingw-w64 Ubuntu impish *
Gcc-mingw-w64 Ubuntu kinetic *
Gcc-mingw-w64 Ubuntu lunar *
Gcc-mingw-w64 Ubuntu mantic *
Gcc-mingw-w64 Ubuntu trusty *
Gcc-mingw-w64 Ubuntu xenial *
Gcc-msp430 Ubuntu bionic *
Gcc-msp430 Ubuntu impish *
Gcc-msp430 Ubuntu kinetic *
Gcc-msp430 Ubuntu lunar *
Gcc-msp430 Ubuntu mantic *
Gcc-msp430 Ubuntu trusty *
Gcc-msp430 Ubuntu xenial *
Gcc-opt Ubuntu bionic *
Gcc-opt Ubuntu impish *
Gcc-opt Ubuntu kinetic *
Gcc-opt Ubuntu lunar *
Gcc-opt Ubuntu mantic *
Gcc-opt Ubuntu trusty *
Gcc-opt Ubuntu xenial *
Gcc-snapshot Ubuntu bionic *
Gcc-snapshot Ubuntu focal *
Gcc-snapshot Ubuntu impish *
Gcc-snapshot Ubuntu jammy *
Gcc-snapshot Ubuntu kinetic *
Gcc-snapshot Ubuntu trusty *
Gcc-snapshot Ubuntu xenial *
Gccgo-4.9 Ubuntu trusty *
Gccgo-6 Ubuntu xenial *
Gdb Ubuntu bionic *
Gdb Ubuntu jammy *
Gdb Ubuntu trusty *
Gdb Ubuntu upstream *
Gdb Ubuntu xenial *
Libiberty Ubuntu hirsute *
Libiberty Ubuntu jammy *
Libiberty Ubuntu trusty *
Libiberty Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use