Dear GNU Security Team, I hope this email finds you well. I am reaching out to report a vulnerability I discovered while testing the `nm` component of `binutils-2.44`. The issue is an infinite recursion in the function `demangle_path()` within `libiberty/rust-demangle.c`, which can cause the program to hang when processing a specially crafted input.
### **Vulnerability Details** - **Affected Component**: `binutils-2.44/libiberty/rust-demangle.c` - **Function**: `static void demangle_path(struct rust_demangler *rdm, int in_value)` - **Issue**: The function can enter an infinite recursive loop when processing certain malformed Rust symbol names, leading to a denial of service condition. - **Impact**: An attacker can craft a malicious input to trigger this issue, causing `nm` (or other tools using this demangler) to hang indefinitely, consuming system resources. ### **Steps to Reproduce** I have attached a Proof of Concept (PoC) file that triggers this issue. You can reproduce it as follows: ```sh nm -C <poc_file> Best regards, kaiyu Xie
poc
Description: Binary data
