Candidate: CVE-2021-37322
PublicDate: 2021-11-18 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37322
 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
Description:
 GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability
 via the component cplus-dem.c.
Ubuntu-Description:
Notes:
 seth-arnold> binutils isn't safe for untrusted inputs.
 ccdm94> the suggested patch for this CVE is the same as the one considered
 ccdm94> for CVE-2016-2226.
Mitigation:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_binutils:
 upstream: https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=9e6edb946c0e9a2c530fbae3eeace148eca0de33
upstream_binutils: released (2.28)
trusty/esm_binutils: needed
esm-infra/xenial_binutils: released (2.26.1-1ubuntu1~16.04.8+esm1)
trusty_binutils: ignored (out of standard support)
xenial_binutils: ignored (out of standard support)
bionic_binutils: not-affected (2.30-15ubuntu1)
focal_binutils: not-affected (2.34-6ubuntu1)
hirsute_binutils: ignored (reached end-of-life)
impish_binutils: not-affected (2.37-7ubuntu1)
jammy_binutils: not-affected (2.38-2ubuntu1)
devel_binutils: not-affected (2.38-2ubuntu1)