https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102702

            Bug ID: 102702
           Summary: libiberty: heap/stack buffer overflow when decoding
                    user input
           Product: gcc
           Version: 11.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: contact at lsferreira dot net
  Target Milestone: ---

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in
libiberty allows attackers to potentially cause a denial of service
(segmentation fault or crash) via a crafted mangled symbol.

Examples of affected symbols: "_D2FGWG44444444444444444EQe",
"_D4c?441_Qe_4DmD_i==========UUUqU", "_D33dddQ_D2HHHHDVV_D33dddQDVVHHDQN188Qr"
and "_D8ee2_1111Qe".

A CVE was already assigned by Red Hat: CVE-2021-3826: libiberty: heap/stack
buffer overflow in the dlang_lname function in d-demangle.c