{"api_version":"1","generated_at":"2026-04-23T09:39:08+00:00","cve":"CVE-2018-12698","urls":{"html":"https://cve.report/CVE-2018-12698","api":"https://cve.report/api/cve/CVE-2018-12698.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-12698","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-12698"},"summary":{"title":"CVE-2018-12698","description":"demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-06-23 23:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/4326-1/","name":"USN-4326-1","refsource":"UBUNTU","tags":[],"title":"USN-4326-1: libiberty vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201908-01","name":"GLSA-201908-01","refsource":"GENTOO","tags":[],"title":"Binutils: Multiple vulnerabilities (GLSA 201908-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","name":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","refsource":"MISC","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"85454 – Multiple memory corruptions in objdump / C++ name demangler (binuitils-2.30-15ubuntu1)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=23057","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=23057","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"23057 – Multiple memory corruptions in objdump (binuitils-2.30-15ubuntu1)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4336-1/","name":"USN-4336-1","refsource":"UBUNTU","tags":[],"title":"USN-4336-1: GNU binutils vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","name":"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Bug #1763102 “Multiple memory corruptions in objdump (binuitils-...” : Bugs : binutils package : Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104539","name":"104539","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"GNU libiberty CVE-2018-12698 Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-12698","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12698","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"12698","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12698","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12698","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"binutils","cpe6":"2.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12698","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"binutils","cpe6":"2.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-12698","qid":"710158","title":"Gentoo Linux Binutils Multiple vulnerabilities (GLSA 201908-01)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-12698","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","refsource":"MISC","url":"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102"},{"name":"https://sourceware.org/bugzilla/show_bug.cgi?id=23057","refsource":"MISC","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=23057"},{"name":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","refsource":"MISC","url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454"},{"name":"104539","refsource":"BID","url":"http://www.securityfocus.com/bid/104539"},{"refsource":"GENTOO","name":"GLSA-201908-01","url":"https://security.gentoo.org/glsa/201908-01"},{"refsource":"UBUNTU","name":"USN-4326-1","url":"https://usn.ubuntu.com/4326-1/"},{"refsource":"UBUNTU","name":"USN-4336-1","url":"https://usn.ubuntu.com/4336-1/"}]}},"nvd":{"publishedDate":"2018-06-23 23:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"12698","Ordinal":"129326","Title":"CVE-2018-12698","CVE":"CVE-2018-12698","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"12698","Ordinal":"1","NoteData":"demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"12698","Ordinal":"2","NoteData":"2018-06-23","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"12698","Ordinal":"3","NoteData":"2020-04-28","Type":"Other","Title":"Modified"}]}}}