Unrated severity · NVD Advisory · Published Sep 1, 2022 · Updated Aug 3, 2024

CVE-2021-3826

Description

Null pointer dereference in libiberty's D demangler via crafted mangled symbol leads to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The dlang_lname function in libiberty/d-demangle.c contains a null pointer dereference vulnerability when processing a crafted mangled symbol. Specifically, in the dlang_type function, a null pointer check is missing before dereferencing a pointer that could be null, leading to a segmentation fault. This issue affects libiberty as shipped with GNU Compiler Collection (GCC) prior to the patch applied in September 2021 [1].

Exploitation

An attacker can trigger the vulnerability by providing a specially crafted mangled D symbol to an application that uses libiberty's demangling routines. No authentication or special privileges are required; the attacker only needs the ability to supply the malicious input to the demangler. The crafted symbol causes a null pointer dereference in the dlang_type function when the mangled string contains a back reference marker ('Q') without a valid preceding type [1].

Impact

Successful exploitation causes a segmentation fault, resulting in a denial of service (DoS) crash of the affected process. The vulnerability does not allow for arbitrary code execution or privilege escalation; its impact is limited to availability [1].

Mitigation

The fix for this vulnerability is provided in a patch posted to the GCC mailing list on September 22, 2021 [1]. The patch adds a null check before dereferencing the pointer in dlang_type. Users should apply the patch or update to a version of GCC that includes the fix. No workaround other than avoiding untrusted input to the demangler is known.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

84

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing null pointer check before dereferencing the `mangled` pointer in `dlang_type` allows a crafted mangled symbol to cause a null pointer dereference."

Attack vector

An attacker can craft a malformed D language mangled symbol (e.g., `_D01_D`) that causes the `mangled` pointer to become NULL inside `dlang_type`. When the demangler processes this symbol, it dereferences the null pointer, leading to a segmentation fault. This can be triggered remotely if an application that uses libiberty's demangling routines processes untrusted input, resulting in a denial of service [1].

Affected code

The vulnerability is in the `dlang_type` function in `libiberty/d-demangle.c`. When processing a crafted mangled symbol, the function dereferences a null pointer because the `mangled` pointer is not checked for NULL before being used in the `*mangled == 'Q'` comparison. The patch adds a `mangled &&` guard before that check.

What the fix does

The patch adds a `mangled &&` guard before the `*mangled == 'Q'` check in `dlang_type` [1]. This ensures the pointer is validated before dereferencing, preventing the null pointer dereference that caused the SIGSEGV. The test suite is also updated with a new test case (`_D01_D`) to verify the fix.
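The guard pattern described above, shown on a toy length-prefixed parser as an added example; this is not libiberty's code and not the actual patch. `toy_lname`, `toy_is_backref_unguarded` and `toy_is_backref_guarded` are hypothetical names, and the toy grammar is an assumption made only to produce a helper that returns NULL on malformed input.

```c
/* Added illustration: NOT libiberty's code. All names are hypothetical. */
#include <ctype.h>
#include <stddef.h>

/* Toy helper: parse "<decimal length><that many bytes>" and return a pointer
   just past the name, or NULL when the input is malformed. Returning NULL on
   failure is what makes an unchecked dereference in the caller fatal. */
static const char *toy_lname(const char *s)
{
    size_t len = 0;

    if (s == NULL || !isdigit((unsigned char)*s))
        return NULL;
    while (isdigit((unsigned char)*s)) {
        len = len * 10 + (size_t)(*s++ - '0');
        if (len > 4096)              /* reject absurd lengths, avoid overflow */
            return NULL;
    }
    if (len == 0)                    /* zero-length name is malformed here */
        return NULL;
    while (len--) {
        if (*s == '\0')              /* declared length runs past the input */
            return NULL;
        s++;
    }
    return s;
}

/* Unguarded form: crashes with SIGSEGV whenever toy_lname() returns NULL.
   Shown for comparison only; nothing in this example calls it. */
int toy_is_backref_unguarded(const char *sym)
{
    const char *mangled = toy_lname(sym);
    return *mangled == 'Q';
}

/* Guarded form, the same shape as the `mangled &&` check in the fix:
   a failed parse is reported as "not a back reference" instead of crashing. */
int toy_is_backref_guarded(const char *sym)
{
    const char *mangled = toy_lname(sym);
    return mangled && *mangled == 'Q';
}
```

The guarded function treats every parse failure (empty input, zero length, truncated name) as a normal negative result, which is the behaviour a regression test for this class of bug should pin down.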

Preconditions

  • input: The attacker must supply a crafted D language mangled symbol (e.g., `_D01_D`) to a program that uses libiberty's demangling functions.
  • network: No authentication or special network position is required; the attack can be triggered over any channel where untrusted input reaches the demangler.

Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7
