Thank you for looking into this Nick. I've been staring at a few of these CVEs off-and-on for a few days, and the following CVEs all look like duplicates:
CVE-2018-17985: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335 CVE-2018-18484: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636 CVE-2018-18701: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675 CVE-2018-18700: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681 There may be more. I think Mitre is scanning the gnu bugzilla and assigning CVEs? This does look like a legitimate very low criticality "denial of service", but generating new CVEs for every unique poc file against the same root cause doesn't seem useful. Perhaps some of these should be rejected? -- Scott Gayou / Red Had Product Security
