* determining impact of vulnerability CVE-2022-27943 in libiberty/rust-demangle.c
@ 2022-08-02 16:11 fus
2022-08-02 16:33 ` Jonathan Wakely
0 siblings, 1 reply; 2+ messages in thread
From: fus @ 2022-08-02 16:11 UTC (permalink / raw)
To: gcc-help
The above mentioned CVE
(https://nvd.nist.gov/vuln/detail/CVE-2022-27943) just specifies GNU GCC
11.2 to be affected, but fails to eplicitly specify that previous
versions are not affected. Does this CVE only affect exactly GCC version
11.2?
And I would also like to know how I can determine whether or not I will
be eposed to this vulnerability when using an affected version. Is the
rust demangler used internally by any C/C++ tools or will I only be
affected when compiling rust programs?
Regards
Frank
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: determining impact of vulnerability CVE-2022-27943 in libiberty/rust-demangle.c
2022-08-02 16:11 determining impact of vulnerability CVE-2022-27943 in libiberty/rust-demangle.c fus
@ 2022-08-02 16:33 ` Jonathan Wakely
0 siblings, 0 replies; 2+ messages in thread
From: Jonathan Wakely @ 2022-08-02 16:33 UTC (permalink / raw)
To: fus; +Cc: gcc-help
On Tue, 2 Aug 2022 at 17:12, <fus@plutonium24.de> wrote:
>
> The above mentioned CVE
> (https://nvd.nist.gov/vuln/detail/CVE-2022-27943) just specifies GNU GCC
> 11.2 to be affected, but fails to eplicitly specify that previous
> versions are not affected. Does this CVE only affect exactly GCC version
> 11.2?
No, some earlier versions are affected.
>
> And I would also like to know how I can determine whether or not I will
> be eposed to this vulnerability when using an affected version. Is the
> rust demangler used internally by any C/C++ tools
No.
> or will I only be
> affected when compiling rust programs?
It isn't used when compiling rust programs. It's only used when
inspecting binaries containing rust code, e.g. using the 'nm-new'
utility. If I understand correctly, the stack overflow can only happen
with binaries containing bogus symbol names specially crafted to
exploit the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-08-02 16:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-02 16:11 determining impact of vulnerability CVE-2022-27943 in libiberty/rust-demangle.c fus
2022-08-02 16:33 ` Jonathan Wakely
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).