AZL-41601

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41601.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-41601

Upstream

CVE-2018-20673

Published

2019-01-04T18:29:00Z

Modified

2026-04-01T05:14:22.274526Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2018-20673 affecting package crash for versions less than 9.0.0-1

Details

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-20673

Affected packages

Azure Linux:3 / crash

Package

Name: crash
Purl: pkg:rpm/azure-linux/crash

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41601.json"