ALPINE-CVE-2018-20712 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2018-20712 PUBLISHED CVSS 6.5 MEDIUM

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.17	binutils	2.31.1-r2, 2.31.1-r1, 2.31.1-r0
Alpine:v3.22	binutils	2.22-r0, 2.31.1-r2, 2.31.1-r1
Alpine:v3.21	binutils	2.31.1-r2, 0, 2.20.51.0.12-r0
Alpine:v3.12	binutils	2.26.1-r0, 0, 2.20.51.0.12-r0
Alpine:v3.10	binutils	0, 2.20.51.0.12-r0, 2.20.51.0.4-r1
Alpine:v3.16	binutils	2.31.1-r2, 0, 2.20.51.0.12-r0
Alpine:v3.20	binutils	2.31.1-r2, 0, 2.20.51.0.12-r0
Alpine:v3.18	binutils	2.28-r2, 0, 2.20.51.0.12-r0
Alpine:v3.23	binutils	2.25-r0, 2.20.51.0.4-r1, 2.21-r0
Alpine:v3.11	binutils	2.31.1-r1, 0, 2.20.51.0.12-r0
Alpine:v3.15	binutils	0, 2.31.1-r2, 2.31.1-r1
Alpine:v3.14	binutils	2.31.1-r2, 0, 2.20.51.0.12-r0
Alpine:v3.19	binutils	2.22-r1, 2.31.1-r2, 2.31.1-r1
Alpine:v3.13	binutils	2.31.1-r1, 0, 2.20.51.0.12-r0

Timeline

Jan 15, 2019 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-20712 advisory

Open in Interactive Console →