On Tue, 2 Aug 2022 at 17:12, <fus@xxxxxxxxxxxxxx> wrote:
>
> The above mentioned CVE
> (https://nvd.nist.gov/vuln/detail/CVE-2022-27943) just specifies GNU GCC
> 11.2 to be affected, but fails to explicitly specify that previous
> versions are not affected. Does this CVE only affect exactly GCC version
> 11.2?

No, some earlier versions are affected.

>
> And I would also like to know how I can determine whether or not I will
> be exposed to this vulnerability when using an affected version. Is the
> rust demangler used internally by any C/C++ tools

No.

> or will I only be
> affected when compiling rust programs?

It isn't used when compiling rust programs. It's only used when
inspecting binaries containing rust code, e.g. using the 'nm-new'
utility.

If I understand correctly, the stack overflow can only happen with
binaries containing bogus symbol names specially crafted to exploit
the bug.