CVE-2017-13716: The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29...

CVSS Score: 5.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.42024%
Published: 5/13/2022
Updated: 2/2/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Root Cause Analysis

Unable to retrieve specific commit information or patch details for CVE-2017-13716. The primary source for patch information (Bugzilla) was inaccessible, and attempts to find mirrored patches or commits through Google searches and direct GitHub commit URL fetching were unsuccessful. The vulnerability is known to be in cplus-dem.c in libiberty (part of binutils) and relates to excessive memory allocation during C++ symbol demangling. However, without the specific code changes, pinpointing the exact vulnerable functions and providing patch evidence is not possible.

WAF Protection Rules

WAF Rule

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call
