libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
Weakness
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gcc | Gnu | 11.2 (including) | 11.2 (including) |
| Binutils | Ubuntu | jammy | * |
| Binutils | Ubuntu | trusty | * |
| Binutils | Ubuntu | xenial | * |
| Crash | Ubuntu | bionic | * |
| Crash | Ubuntu | trusty | * |
| Crash | Ubuntu | xenial | * |
| Gcc-10 | Ubuntu | impish | * |
| Gcc-11 | Ubuntu | devel | * |
| Gcc-11 | Ubuntu | esm-apps/noble | * |
| Gcc-11 | Ubuntu | esm-apps/resolute | * |
| Gcc-11 | Ubuntu | impish | * |
| Gcc-11 | Ubuntu | jammy | * |
| Gcc-11 | Ubuntu | kinetic | * |
| Gcc-11 | Ubuntu | lunar | * |
| Gcc-11 | Ubuntu | mantic | * |
| Gcc-11 | Ubuntu | noble | * |
| Gcc-11 | Ubuntu | oracular | * |
| Gcc-11 | Ubuntu | plucky | * |
| Gcc-11 | Ubuntu | questing | * |
| Gcc-11 | Ubuntu | resolute | * |
| Gcc-12 | Ubuntu | devel | * |
| Gcc-12 | Ubuntu | esm-apps/noble | * |
| Gcc-12 | Ubuntu | esm-apps/resolute | * |
| Gcc-12 | Ubuntu | jammy | * |
| Gcc-12 | Ubuntu | lunar | * |
| Gcc-12 | Ubuntu | mantic | * |
| Gcc-12 | Ubuntu | noble | * |
| Gcc-12 | Ubuntu | oracular | * |
| Gcc-12 | Ubuntu | plucky | * |
| Gcc-12 | Ubuntu | questing | * |
| Gcc-12 | Ubuntu | resolute | * |
| Gcc-3.3 | Ubuntu | esm-apps/xenial | * |
| Gcc-3.3 | Ubuntu | kinetic | * |
| Gcc-3.3 | Ubuntu | trusty | * |
| Gcc-3.3 | Ubuntu | xenial | * |
| Gcc-4.4 | Ubuntu | trusty | * |
| Gcc-4.6 | Ubuntu | trusty | * |
| Gcc-4.7 | Ubuntu | esm-apps/xenial | * |
| Gcc-4.7 | Ubuntu | trusty | * |
| Gcc-4.7 | Ubuntu | xenial | * |
| Gcc-4.7-armel-cross | Ubuntu | esm-apps/xenial | * |
| Gcc-4.7-armel-cross | Ubuntu | trusty | * |
| Gcc-4.7-armel-cross | Ubuntu | xenial | * |
| Gcc-4.7-armhf-cross | Ubuntu | esm-apps/xenial | * |
| Gcc-4.7-armhf-cross | Ubuntu | trusty | * |
| Gcc-4.7-armhf-cross | Ubuntu | xenial | * |
| Gcc-4.8 | Ubuntu | trusty | * |
| Gcc-4.8 | Ubuntu | xenial | * |
| Gcc-4.8-arm64-cross | Ubuntu | esm-apps/xenial | * |
| Gcc-4.8-arm64-cross | Ubuntu | trusty | * |
| Gcc-4.8-arm64-cross | Ubuntu | xenial | * |
| Gcc-4.8-armhf-cross | Ubuntu | esm-apps/xenial | * |
| Gcc-4.8-armhf-cross | Ubuntu | trusty | * |
| Gcc-4.8-armhf-cross | Ubuntu | xenial | * |
| Gcc-4.8-powerpc-cross | Ubuntu | esm-apps/xenial | * |
| Gcc-4.8-powerpc-cross | Ubuntu | trusty | * |
| Gcc-4.8-powerpc-cross | Ubuntu | xenial | * |
| Gcc-4.8-ppc64el-cross | Ubuntu | esm-apps/xenial | * |
| Gcc-4.8-ppc64el-cross | Ubuntu | trusty | * |
| Gcc-4.8-ppc64el-cross | Ubuntu | xenial | * |
| Gcc-4.9 | Ubuntu | xenial | * |
| Gcc-5 | Ubuntu | xenial | * |
| Gcc-5-cross | Ubuntu | xenial | * |
| Gcc-7 | Ubuntu | bionic | * |
| Gcc-7-cross | Ubuntu | bionic | * |
| Gcc-7-cross-ports | Ubuntu | bionic | * |
| Gcc-8 | Ubuntu | bionic | * |
| Gcc-8 | Ubuntu | impish | * |
| Gcc-8-cross | Ubuntu | bionic | * |
| Gcc-8-cross | Ubuntu | focal | * |
| Gcc-8-cross-ports | Ubuntu | bionic | * |
| Gcc-9 | Ubuntu | impish | * |
| Gcc-9-cross | Ubuntu | impish | * |
| Gcc-9-cross | Ubuntu | kinetic | * |
| Gcc-9-cross-ports | Ubuntu | impish | * |
| Gcc-9-cross-ports | Ubuntu | kinetic | * |
| Gcc-arm-linux-androideabi | Ubuntu | esm-apps/xenial | * |
| Gcc-arm-linux-androideabi | Ubuntu | trusty | * |
| Gcc-arm-linux-androideabi | Ubuntu | xenial | * |
| Gcc-arm-none-eabi | Ubuntu | bionic | * |
| Gcc-arm-none-eabi | Ubuntu | esm-apps/xenial | * |
| Gcc-arm-none-eabi | Ubuntu | focal | * |
| Gcc-arm-none-eabi | Ubuntu | impish | * |
| Gcc-arm-none-eabi | Ubuntu | kinetic | * |
| Gcc-arm-none-eabi | Ubuntu | lunar | * |
| Gcc-arm-none-eabi | Ubuntu | mantic | * |
| Gcc-arm-none-eabi | Ubuntu | oracular | * |
| Gcc-arm-none-eabi | Ubuntu | plucky | * |
| Gcc-arm-none-eabi | Ubuntu | trusty | * |
| Gcc-arm-none-eabi | Ubuntu | xenial | * |
| Gcc-avr | Ubuntu | bionic | * |
| Gcc-avr | Ubuntu | esm-apps/xenial | * |
| Gcc-avr | Ubuntu | focal | * |
| Gcc-avr | Ubuntu | impish | * |
| Gcc-avr | Ubuntu | kinetic | * |
| Gcc-avr | Ubuntu | lunar | * |
| Gcc-avr | Ubuntu | mantic | * |
| Gcc-avr | Ubuntu | oracular | * |
| Gcc-avr | Ubuntu | plucky | * |
| Gcc-avr | Ubuntu | trusty | * |
| Gcc-avr | Ubuntu | xenial | * |
| Gcc-defaults | Ubuntu | bionic | * |
| Gcc-defaults | Ubuntu | impish | * |
| Gcc-defaults | Ubuntu | kinetic | * |
| Gcc-defaults | Ubuntu | lunar | * |
| Gcc-defaults | Ubuntu | mantic | * |
| Gcc-defaults-arm64-cross | Ubuntu | trusty | * |
| Gcc-defaults-armel-cross | Ubuntu | trusty | * |
| Gcc-defaults-armhf-cross | Ubuntu | trusty | * |
| Gcc-defaults-powerpc-cross | Ubuntu | trusty | * |
| Gcc-defaults-ppc64el-cross | Ubuntu | trusty | * |
| Gcc-h8300-hms | Ubuntu | bionic | * |
| Gcc-h8300-hms | Ubuntu | esm-apps/xenial | * |
| Gcc-h8300-hms | Ubuntu | focal | * |
| Gcc-h8300-hms | Ubuntu | impish | * |
| Gcc-h8300-hms | Ubuntu | kinetic | * |
| Gcc-h8300-hms | Ubuntu | lunar | * |
| Gcc-h8300-hms | Ubuntu | mantic | * |
| Gcc-h8300-hms | Ubuntu | oracular | * |
| Gcc-h8300-hms | Ubuntu | plucky | * |
| Gcc-h8300-hms | Ubuntu | trusty | * |
| Gcc-h8300-hms | Ubuntu | xenial | * |
| Gcc-i686-linux-android | Ubuntu | esm-apps/xenial | * |
| Gcc-i686-linux-android | Ubuntu | trusty | * |
| Gcc-i686-linux-android | Ubuntu | xenial | * |
| Gcc-m68hc1x | Ubuntu | bionic | * |
| Gcc-m68hc1x | Ubuntu | esm-apps/xenial | * |
| Gcc-m68hc1x | Ubuntu | focal | * |
| Gcc-m68hc1x | Ubuntu | impish | * |
| Gcc-m68hc1x | Ubuntu | kinetic | * |
| Gcc-m68hc1x | Ubuntu | trusty | * |
| Gcc-m68hc1x | Ubuntu | xenial | * |
| Gcc-mingw-w64 | Ubuntu | bionic | * |
| Gcc-mingw-w64 | Ubuntu | esm-apps/xenial | * |
| Gcc-mingw-w64 | Ubuntu | focal | * |
| Gcc-mingw-w64 | Ubuntu | impish | * |
| Gcc-mingw-w64 | Ubuntu | kinetic | * |
| Gcc-mingw-w64 | Ubuntu | lunar | * |
| Gcc-mingw-w64 | Ubuntu | mantic | * |
| Gcc-mingw-w64 | Ubuntu | oracular | * |
| Gcc-mingw-w64 | Ubuntu | plucky | * |
| Gcc-mingw-w64 | Ubuntu | trusty | * |
| Gcc-mingw-w64 | Ubuntu | trusty/esm | * |
| Gcc-mingw-w64 | Ubuntu | xenial | * |
| Gcc-msp430 | Ubuntu | bionic | * |
| Gcc-msp430 | Ubuntu | esm-apps/xenial | * |
| Gcc-msp430 | Ubuntu | focal | * |
| Gcc-msp430 | Ubuntu | impish | * |
| Gcc-msp430 | Ubuntu | kinetic | * |
| Gcc-msp430 | Ubuntu | lunar | * |
| Gcc-msp430 | Ubuntu | mantic | * |
| Gcc-msp430 | Ubuntu | trusty | * |
| Gcc-msp430 | Ubuntu | xenial | * |
| Gcc-opt | Ubuntu | bionic | * |
| Gcc-opt | Ubuntu | esm-apps/xenial | * |
| Gcc-opt | Ubuntu | focal | * |
| Gcc-opt | Ubuntu | impish | * |
| Gcc-opt | Ubuntu | kinetic | * |
| Gcc-opt | Ubuntu | lunar | * |
| Gcc-opt | Ubuntu | mantic | * |
| Gcc-opt | Ubuntu | oracular | * |
| Gcc-opt | Ubuntu | plucky | * |
| Gcc-opt | Ubuntu | trusty | * |
| Gcc-opt | Ubuntu | xenial | * |
| Gcc-snapshot | Ubuntu | bionic | * |
| Gcc-snapshot | Ubuntu | focal | * |
| Gcc-snapshot | Ubuntu | impish | * |
| Gcc-snapshot | Ubuntu | kinetic | * |
| Gcc-snapshot | Ubuntu | trusty | * |
| Gcc-snapshot | Ubuntu | xenial | * |
| Gccgo-4.9 | Ubuntu | trusty | * |
| Gccgo-6 | Ubuntu | xenial | * |
| Gdb | Ubuntu | bionic | * |
| Gdb | Ubuntu | jammy | * |
| Gdb | Ubuntu | trusty | * |
| Gdb | Ubuntu | upstream | * |
| Gdb | Ubuntu | xenial | * |
| Libiberty | Ubuntu | hirsute | * |
| Libiberty | Ubuntu | jammy | * |
| Libiberty | Ubuntu | trusty | * |
| Libiberty | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
- https://sourceware.org/bugzilla/show_bug.cgi?id=28995
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
- https://sourceware.org/bugzilla/show_bug.cgi?id=28995