vulnerability
Red Hat: CVE-2018-20673: CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jan 4, 2019 | Nov 10, 2021 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jan 4, 2019
Added
Nov 10, 2021
Modified
Aug 11, 2025
Description
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-cppredhat-upgrade-cpp-debuginforedhat-upgrade-gccredhat-upgrade-gcc-credhat-upgrade-gcc-c-debuginforedhat-upgrade-gcc-debuginforedhat-upgrade-gcc-debugsourceredhat-upgrade-gcc-gdb-pluginredhat-upgrade-gcc-gdb-plugin-debuginforedhat-upgrade-gcc-gfortranredhat-upgrade-gcc-gfortran-debuginforedhat-upgrade-gcc-offload-nvptxredhat-upgrade-gcc-offload-nvptx-debuginforedhat-upgrade-gcc-plugin-develredhat-upgrade-gcc-plugin-devel-debuginforedhat-upgrade-libasanredhat-upgrade-libasan-debuginforedhat-upgrade-libatomicredhat-upgrade-libatomic-debuginforedhat-upgrade-libatomic-staticredhat-upgrade-libgccredhat-upgrade-libgcc-debuginforedhat-upgrade-libgfortranredhat-upgrade-libgfortran-debuginforedhat-upgrade-libgompredhat-upgrade-libgomp-debuginforedhat-upgrade-libgomp-offload-nvptxredhat-upgrade-libgomp-offload-nvptx-debuginforedhat-upgrade-libitmredhat-upgrade-libitm-debuginforedhat-upgrade-libitm-develredhat-upgrade-liblsanredhat-upgrade-liblsan-debuginforedhat-upgrade-libquadmathredhat-upgrade-libquadmath-debuginforedhat-upgrade-libquadmath-develredhat-upgrade-libstdcredhat-upgrade-libstdc-debuginforedhat-upgrade-libstdc-develredhat-upgrade-libstdc-docsredhat-upgrade-libstdc-staticredhat-upgrade-libtsanredhat-upgrade-libtsan-debuginforedhat-upgrade-libubsanredhat-upgrade-libubsan-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.