Vulnerabilities related to gnu - gcc
Vulnerability from fkie_nvd
Published
2019-10-23 18:15
Modified
2024-11-20 23:43
Summary
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2002-2439 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2002-2439 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2002-2439 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2002-2439 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "45DD205C-9173-45E0-8396-BBA7280FD177", versionEndExcluding: "4.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", }, { lang: "es", value: "Un desbordamiento de enteros en el operador new[] en gcc versiones anteriores a 4.8.0, permite a atacantes tener impactos no especificados.", }, ], id: "CVE-2002-2439", lastModified: "2024-11-20T23:43:41.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-23T18:15:11.007", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2002-2439", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", }, { source: 
"secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2002-2439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2002-2439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2002-2439", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-04-06 23:44
Modified
2024-11-21 00:45
Summary
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B63A6449-FD4A-4D83-BDF5-1E4D2284045B", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B981AA48-6E80-426D-AE27-1D6965AA20A7", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.2.2:*:*:*:*:*:*:*", matchCriteriaId: "D0A3B471-AF8D-47C4-8769-6A68CC034E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.2.3:*:*:*:*:*:*:*", matchCriteriaId: "8BEF1123-45FD-4A12-ADD1-12D58D7E4DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.2.4:*:*:*:*:*:*:*", matchCriteriaId: "A5AFF1AB-58E4-4DF4-8EBB-D127FF396340", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "AAF40923-6C7A-484A-BE9E-8BFA5D072C94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)", }, { lang: "es", value: "** DISPUTED ** gcc de 4.2.0 a 4.3.0 en GNU Compiler Collection, cuando casts no están utilizados, considera que la suma de un puntero y un entero es mayor o igual que el puntero, lo que podría llevar a la eliminación del código de comprobación de longitud que estaba previsto como un mecanismo de protección contra ataques de desbordamientos de enteros y desbordamiento de búfer, y no proporcionar un mensaje diagnóstico sobre esta eliminación. 
NOTA: el proveedor ha determinado que este comportamiento del compilador es correcto según la sección 6.5.6 de la norma C99 (también conocido como ISO/IEC 9899:1999).", }, ], id: "CVE-2008-1685", lastModified: "2024-11-21T00:45:05.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-04-06T23:44:00.000", references: [ { source: "cve@mitre.org", url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/162289", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/162289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41686", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "The Red Hat Security Response Team is aware of this new gcc behavior and is currently working to determine what impact these changes will have on the source code processed by the compiler. 
These changes do not affect Red Hat Enterprise Linux 2, 3, 4, or 5.", lastModified: "2008-07-24T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-26 13:15
Modified
2024-11-21 06:56
Summary
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 | Exploit, Issue Tracking, Vendor Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ | ||
cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=28995 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=28995 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gcc | 11.2 | |
fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:11.2:*:*:*:*:*:*:*", matchCriteriaId: "ED8CAF0C-9804-4C44-9905-E123C87B9952", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", }, { lang: "es", value: "El archivo libiberty/rust-demangle.c en GNU GCC versión 11.2, permite un consumo de pila en demangle_const, como lo demuestra nm-new", }, ], id: "CVE-2022-27943", lastModified: "2024-11-21T06:56:31.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-26T13:15:07.900", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-26 21:29
Modified
2024-11-21 03:08
Summary
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2017/07/27/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/100018 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:0849 | ||
cve@mitre.org | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 | Issue Tracking, Vendor Advisory | |
cve@mitre.org | https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/07/27/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100018 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0849 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html | Mailing List |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*", matchCriteriaId: "432D419B-7C47-432B-90CC-CBAD7112FD1F", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*", matchCriteriaId: "B01EDC85-552A-47B3-9801-99E6D033884E", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*", matchCriteriaId: "5B242A15-371A-4FB7-9515-46DDA6E07C82", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*", matchCriteriaId: "B1DDA9FF-4383-4E66-8945-41BB25C6C04E", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*", matchCriteriaId: "4C86C936-3E2E-4E89-A3A4-3E77EF1AE761", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*", matchCriteriaId: "1DF2D5BD-B28C-43A2-A990-21F5ECB1C570", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*", matchCriteriaId: "4D100A33-D544-4613-893B-5BBA013DB2D3", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*", matchCriteriaId: "B1EE4B8E-1E82-415D-950D-13750B99E081", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*", matchCriteriaId: "57D66615-998F-4FDA-A1E2-E203E95D55DF", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*", matchCriteriaId: "D812A692-BBCE-469F-9EA3-DFC0C43B347C", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*", matchCriteriaId: "54A4004B-67A0-4677-BC78-3019B14E3C75", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*", matchCriteriaId: "DC6A4748-7738-4259-9B4A-D013CFCCA7F8", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*", matchCriteriaId: "6CD09C4A-59C9-4852-BF74-BAF72F4EDA4E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate 
instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.", }, { lang: "es", value: "Bajo ciertas circunstancias, la función ix86_expand_builtin en el archivo i386.c en GNU Compiler Collection (GCC) versiones 4.6, 4.7, 4.8, 4.9, versión 5 anterior a 5.5 y versión 6 anterior a 6.4, generará secuencias de instrucciones que marcarán el flag status de los intrínsecos RDRAND y RDSEED antes de que se pueda leer, es posible que no se denuncien los fallos de estas instrucciones. Esto podría potencialmente conllevar a una menor aleatoriedad en la generación de números aleatorios.", }, ], id: "CVE-2017-11671", lastModified: "2024-11-21T03:08:16.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-26T21:29:00.207", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://openwall.com/lists/oss-security/2017/07/27/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100018", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0849", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2017/07/27/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0849", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-338", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-17 23:44
Modified
2024-11-21 00:44
Summary
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:4.3:*:*:*:*:*:*:*", matchCriteriaId: "E6A7A129-A720-4C4A-AC31-6602897884FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.", }, { lang: "es", value: "gcc 4.3.x no genera una instrucción cld mientras compila funciones usadas por cadenas manipuladas como memcpy y memmove en x86 y i386, lo que puede prevenir que el indicador de dirección (DF) sea reseteado en violación de las convenciones ABI y cause que datos sean copiados en la dirección equivocada durante el manejo de señales en el Kernel de Linux, lo que puede permitir a atacantes remotos dependiendo del contexto provocar corrupciones de memoria. 
NOTA: Originalmente reportada como consumo de CPU en SBCL", }, ], evaluatorComment: "Subscription required to access Link 1014774", id: "CVE-2008-1367", lastModified: "2024-11-21T00:44:22.930", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-17T23:44:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html", }, { source: "cve@mitre.org", url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html", }, { source: "cve@mitre.org", url: "http://lists.vmware.com/pipermail/security-announce/2008/000023.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://lkml.org/lkml/2008/3/5/207", }, { source: "cve@mitre.org", url: 
"http://lwn.net/Articles/272048/#Comments", }, { source: "cve@mitre.org", url: "http://marc.info/?l=git-commits-head&m=120492000901739&w=2", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2008-0508.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30110", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30116", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30818", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30850", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30890", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30962", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31246", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0211.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0233.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29084", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2222/references", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=437312", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41340", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.vmware.com/pipermail/security-announce/2008/000023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://lkml.org/lkml/2008/3/5/207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lwn.net/Articles/272048/#Comments", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=git-commits-head&m=120492000901739&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2008-0508.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30890", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.redhat.com/support/errata/RHSA-2008-0211.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0233.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2222/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=437312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-11-01 05:00
Modified
2024-11-20 23:34
Summary
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:g\\+\\+:*:*:*:*:*:*:*:*", matchCriteriaId: "3F8F6387-72F3-4659-B298-4B1752213D1C", versionEndIncluding: "3.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "0914E3FE-A632-4E8B-B6E4-71CC6DBD07D3", versionEndIncluding: "3.3.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.", }, ], id: "CVE-2000-1219", lastModified: "2024-11-20T23:34:17.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-11-01T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/540517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/540517", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 22:15
Modified
2024-11-21 06:14
Severity ?
Summary
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188 | Exploit, Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", matchCriteriaId: "28CC79FD-6BF9-4B39-970C-C509C931C6C1", versionEndExcluding: "2.32", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "6FD05F2E-587B-414E-A448-0CAF86504A08", versionEndExcluding: "10.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.", }, { lang: "es", value: "Se ha detectado que GCC c++filt versión v2.26 contiene una vulnerabilidad de uso de memoria previamente liberada por medio del componente cplus-dem.c.", }, ], id: "CVE-2021-37322", lastModified: "2024-11-21T06:14:57.600", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T22:15:07.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-14 20:15
Modified
2024-11-21 06:33
Severity ?
Summary
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 | Exploit, Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:12.0:*:*:*:*:*:*:*", matchCriteriaId: "16C0377B-5C1A-440E-B1EE-7BCCECB53F00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.", }, { lang: "es", value: "Se ha detectado que GCC versión v12.0, contiene una recursión no controlada por medio del componente libiberty/rust-demangle.c. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) al consumir excesivos recursos de CPU y memoria", }, ], id: "CVE-2021-46195", lastModified: "2024-11-21T06:33:45.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-14T20:15:15.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-22 19:29
Modified
2024-11-21 03:46
Severity ?
Summary
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "D998C19C-5A21-438C-BF08-09F01FBA84E4", versionEndIncluding: "8.0", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", }, { lang: "es", value: "stack_protect_prologue en cfgexpand.c y stack_protect_epilogue en function.c en GNU Compiler Collection (GCC) 4.1 a 8 (bajo ciertas circunstancias) genera secuencias de instrucciones al apuntar a objetivos ARM que derraman la dirección del protector de pila, que permite al atacante eludir el la protección de -fstack-protector, -fstack-protector-all, -fstack-protector-strong y -fstack-protector-explicit contra el desbordamiento de pila controlando contra qué se compara la pila Canary.", }, ], id: "CVE-2018-12886", lastModified: "2024-11-21T03:46:02.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { 
attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-22T19:29:00.297", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.gnu.org/software/gcc/gcc-8/changes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.gnu.org/software/gcc/gcc-8/changes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-02 23:15
Modified
2024-11-21 04:29
Severity ?
Summary
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "5C24970D-A6E6-4AFC-876C-AA77A4D9F2C9", versionEndExcluding: "7.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "0C079769-9E9D-4338-9246-B80DB23FF8C2", versionEndExcluding: "8.4.0", versionStartIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "D143DC53-6A5E-42E7-AF7B-9568650BF837", versionEndExcluding: "9.3.0", versionStartIncluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "1CBB0226-5EEA-4106-B59D-35BAFA97C1B6", versionEndExcluding: "10.1.0", versionStartIncluding: "10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", }, { lang: "es", value: "El backend POWER9 en GNU Compiler Collection (GCC) en versiones anteriores a la 10 podría optimizar múltiples llamadas de __builtin_darn intrínsecas en una sola llamada, reduciendo así la entropía del generador de números aleatorios. Esto ocurrió porque no se especificó una operación volátil. 
Por ejemplo, dentro de una sola ejecución de un programa, la salida de cada llamada __builtin_darn() puede ser la misma.", }, ], id: "CVE-2019-15847", lastModified: "2024-11-21T04:29:36.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-02T23:15:10.837", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-331", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-13 09:15
Modified
2024-11-21 08:34
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.
The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
References
▼ | URL | Tags | |
---|---|---|---|
arm-security@arm.com | https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 | Exploit, Patch, Third Party Advisory | |
arm-security@arm.com | https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:arm64:*", matchCriteriaId: "C8373A25-594D-4F3F-981B-0D02056992FC", versionEndExcluding: "2023-09-12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "arm-security@arm.com", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n", }, { lang: "es", value: "Una falla en la función -fstack-protector en cadenas de herramientas basadas en GCC que apuntan a AArch64 permite a un atacante explotar un Desbordamiento de Búfer existente en variables locales de tamaño dinámico en su aplicación sin que esto sea detectado. Esta falla del protector de pila solo se aplica a variables locales de tamaño dinámico estilo C99 o aquellas creadas usando alloca(). El protector de pila funciona según lo previsto para variables locales de tamaño estático. 
El comportamiento predeterminado cuando el protector de pila detecta un desbordamiento es finalizar su aplicación, lo que resulta en una pérdida controlada de disponibilidad. Un atacante que pueda aprovechar un Desbordamiento del Búfer sin activar el protector de pila podría cambiar el control de flujo del programa para provocar una pérdida incontrolada de disponibilidad o ir más allá y afectar la confidencialidad o la integridad.", }, ], id: "CVE-2023-4039", lastModified: "2024-11-21T08:34:16.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "arm-security@arm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-13T09:15:15.690", references: [ { source: "arm-security@arm.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", }, { source: "arm-security@arm.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: 
"https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", }, ], sourceIdentifier: "arm-security@arm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-693", }, ], source: "arm-security@arm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-01 21:15
Modified
2024-11-21 06:22
Severity ?
Summary
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gcc | 11.2 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:11.2:*:*:*:*:*:*:*", matchCriteriaId: "ED8CAF0C-9804-4C44-9905-E123C87B9952", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", }, { lang: "es", value: "Un desbordamiento del búfer de la pila en la función dlang_lname en el archivo d-demangle.c en libiberty permite a atacantes causar potencialmente una denegación de servicio (fallo de segmentación y caída) por medio de un símbolo mangled diseñado", }, ], id: "CVE-2021-3826", lastModified: "2024-11-21T06:22:32.990", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-01T21:15:08.843", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505", }, { 
source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2015-11-17 15:59
Modified
2024-11-21 02:32
Severity ?
Summary
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", matchCriteriaId: "1C0FDB07-A56D-431F-A419-9F19EE9379FE", versionEndExcluding: "4.9.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", }, { lang: "es", value: "La clase std::random_device en libstdc++ en el GNU Compiler Collection (también conocido como GCC) en versiones anteriores a 4.9.4 no maneja adecuadamente lecturas cortas desde fuentes bloqueadas, lo que hace mas fácil para atacantes dependientes del contexto predecir los valores aleatorios a través de vectores no especificados.", }, ], id: "CVE-2015-5276", lastModified: "2024-11-21T02:32:41.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-17T15:59:04.357", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://www.securitytracker.com/id/1034375", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-04-20 10:02
Modified
2024-11-21 00:10
Severity ?
Summary
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gcc:4.1:*:*:*:*:*:*:*", matchCriteriaId: "CD2441A8-8FEE-4F96-BB88-3965C747A78B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is \"not correctly interpreting an offset to a pointer as a signed value.\"", }, ], id: "CVE-2006-1902", lastModified: "2024-11-21T00:10:03.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-04-20T10:02:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html", }, { source: "cve@mitre.org", url: "http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h", }, { source: "cve@mitre.org", url: 
"http://www.securityfocus.com/archive/1/431184/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/431245/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/431297/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/431319/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/431184/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/431245/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/431297/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/431319/100/0/threaded", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2022-27943
Vulnerability from cvelistv5
Published
2022-03-26 00:00
Modified
2024-08-03 05:41
Severity ?
EPSS score ?
Summary
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:41:10.990Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", }, { tags: [ "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", }, { name: "FEDORA-2022-c9a1fd5370", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-10T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28995", }, { url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", }, { name: "FEDORA-2022-c9a1fd5370", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-27943", datePublished: "2022-03-26T00:00:00", dateReserved: "2022-03-26T00:00:00", dateUpdated: "2024-08-03T05:41:10.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4039
Vulnerability from cvelistv5
Published
2023-09-13 08:05
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains
that target AArch64 allows an attacker to exploit an existing buffer
overflow in dynamically-sized local variables in your application
without this being detected. This stack-protector failure only applies
to C99-style dynamically-sized local variables or those created using
alloca(). The stack-protector operates as intended for statically-sized
local variables.
The default behavior when the stack-protector
detects an overflow is to terminate your application, resulting in
controlled loss of availability. An attacker who can exploit a buffer
overflow without triggering the stack-protector might be able to change
program flow control to cause an uncontrolled loss of availability or to
go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Arm Ltd | Arm GNU Toolchain | All versions where option -fstack-protector is used |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:17:11.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", }, { tags: [ "x_transferred", ], url: "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Arm GNU Toolchain", vendor: "Arm Ltd", versions: [ { status: "affected", version: "All versions where option -fstack-protector is used", }, ], }, { defaultStatus: "unaffected", product: "GCC", vendor: "GNU", versions: [ { status: "affected", version: "All versions of GCC that target AArch64 when option -fstack-protector is used", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nThe specific conditions where the stack-protector fails to give the desired level of protection are when:\n\n\n<ul>\n <li>using GCC (all unpatched versions) targeting AArch64</li>\n <li>and when the -fstack-protector option is used</li>\n <li>and when the program uses C99-style dynamically-sized local variables or alloca()</li>\n</ul>\n<p>And to be exploitable there must also be a prior vulnerability in the\n program such that an attacker can cause a buffer overflow in these \nlocal variables that overwrites saved register values in the stack.</p>\n\n<br>", }, ], value: "The specific conditions where the stack-protector fails to give the desired level of protection are when:\n\n\n\n * using GCC (all unpatched versions) targeting AArch64\n\n * and when the -fstack-protector option is used\n\n * and when the program uses C99-style dynamically-sized local variables or alloca()\n\n\n\n\nAnd to be exploitable there must also be a prior vulnerability in the\n program such that an attacker can cause a buffer 
overflow in these \nlocal variables that overwrites saved register values in the stack.\n\n\n\n\n", }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Tom Hebb from Meta Red Team X and Maria Markstedter from Azeria Labs", }, ], datePublic: "2023-09-12T09:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>\n</p><p>**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.</p><p>The default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.</p>\n\n<p></p>", }, ], value: "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). 
The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693 Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T08:05:10.274Z", orgId: "56a131ea-b967-4a0d-a41e-5f3549952846", shortName: "Arm", }, references: [ { url: "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", }, { url: "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nRecompile vulnerable code using an updated toolchain.\n\n<br>", }, ], value: "Recompile vulnerable code using an updated toolchain.\n\n\n", }, ], source: { discovery: "EXTERNAL", }, tags: [ "disputed", ], title: "GCC's-fstack-protector fails to guard 
dynamically-sized local variables on AArch64", x_generator: { engine: "Vulnogram 0.1.0-dev", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "arm-security@arm.com", ID: "CVE-2023-4039", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Arm GNU Toolchain", version: { version_data: [ { version_value: "All versions of GCC that target AArch64 when option -fstack-protector is used", }, ], }, }, ], }, vendor_name: "Arm Ltd", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "5.0", description: { description_data: [ { lang: "eng", value: "**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. 
NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", refsource: "MISC", url: "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "56a131ea-b967-4a0d-a41e-5f3549952846", assignerShortName: "Arm", cveId: "CVE-2023-4039", datePublished: "2023-09-13T08:05:10.274Z", dateReserved: "2023-08-01T10:38:03.032Z", dateUpdated: "2024-08-02T07:17:11.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15847
Vulnerability from cvelistv5
Published
2019-09-02 22:03
Modified
2024-08-05 01:03
Severity ?
EPSS score ?
Summary
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
References
URL | Tags |
---|---|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481 | x_refsource_MISC |
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html | vendor-advisory, x_refsource_SUSE |
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html | vendor-advisory, x_refsource_SUSE |
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:03:30.919Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", }, { name: "openSUSE-SU-2019:2364", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", }, { name: "openSUSE-SU-2019:2365", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", }, { name: "openSUSE-SU-2020:0716", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-26T12:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", }, { name: "openSUSE-SU-2019:2364", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", }, { name: "openSUSE-SU-2019:2365", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", }, { name: "openSUSE-SU-2020:0716", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15847", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", refsource: "MISC", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", }, { name: "openSUSE-SU-2019:2364", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", }, { name: "openSUSE-SU-2019:2365", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", }, { name: "openSUSE-SU-2020:0716", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15847", datePublished: "2019-09-02T22:03:34", dateReserved: "2019-09-02T00:00:00", dateUpdated: "2024-08-05T01:03:30.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-1219
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
References
URL | Tags |
---|---|
http://www.kb.cert.org/vuls/id/540517 | third-party-advisory, x_refsource_CERT-VN |
http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:45:37.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#540517", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/540517", }, { name: "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-04-21T04:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "VU#540517", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/540517", }, { name: "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-1219", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer 
overflows, which may leave applications vulnerable to vulnerabilities related to overflows.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "VU#540517", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/540517", }, { name: "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-1219", datePublished: "2005-04-21T04:00:00Z", dateReserved: "2005-04-21T00:00:00Z", dateUpdated: "2024-09-16T20:36:59.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1685
Vulnerability from cvelistv5
Published
2008-04-06 23:00
Modified
2024-08-07 08:32
Severity ?
EPSS score ?
Summary
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/41686 | vdb-entry, x_refsource_XF |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763 | x_refsource_MISC |
http://www.kb.cert.org/vuls/id/162289 | third-party-advisory, x_refsource_CERT-VN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:32:01.285Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "gcc-weak-security(41686)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41686", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { name: "VU#162289", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/162289", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-30T00:00:00", descriptions: [ { lang: "en", value: "gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. 
NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "gcc-weak-security(41686)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41686", }, { tags: [ "x_refsource_MISC", ], url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { name: "VU#162289", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/162289", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1685", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. 
NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "gcc-weak-security(41686)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41686", }, { name: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", refsource: "MISC", url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { name: "VU#162289", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/162289", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1685", datePublished: "2008-04-06T23:00:00", dateReserved: "2008-04-06T00:00:00", dateUpdated: "2024-08-07T08:32:01.285Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3826
Vulnerability from cvelistv5
Published
2022-09-01 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:09:09.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987", }, { tags: [ "x_transferred", ], url: "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505", }, { name: "FEDORA-2022-8e1df11a7a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/", }, { name: "FEDORA-2022-affcf9eea6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/", }, { name: "FEDORA-2022-19538a3732", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/", }, { name: "FEDORA-2022-c9a1fd5370", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, { name: "FEDORA-2022-667ee398b1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gcc", vendor: "n/a", versions: [ { status: "affected", version: "gcc 11.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: 
"CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-14T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987", }, { url: "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505", }, { name: "FEDORA-2022-8e1df11a7a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/", }, { name: "FEDORA-2022-affcf9eea6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/", }, { name: "FEDORA-2022-19538a3732", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/", }, { name: "FEDORA-2022-c9a1fd5370", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", }, { name: "FEDORA-2022-667ee398b1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3826", datePublished: "2022-09-01T00:00:00", dateReserved: "2021-09-23T00:00:00", dateUpdated: "2024-08-03T17:09:09.547Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46195
Vulnerability from cvelistv5
Published
2022-01-14 19:16
Modified
2024-08-04 05:02
Severity ?
EPSS score ?
Summary
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
References
URL | Tags |
---|---|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:02:11.021Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-14T19:16:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-46195", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. 
This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841", refsource: "MISC", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-46195", datePublished: "2022-01-14T19:16:12", dateReserved: "2022-01-10T00:00:00", dateUpdated: "2024-08-04T05:02:11.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-12886
Vulnerability from cvelistv5
Published
2019-05-22 18:42
Modified
2024-08-05 08:45
Severity ?
EPSS score ?
Summary
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
References
URL | Tags |
---|---|
https://www.gnu.org/software/gcc/gcc-8/changes.html | x_refsource_MISC |
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T08:45:02.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.gnu.org/software/gcc/gcc-8/changes.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-22T18:42:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.gnu.org/software/gcc/gcc-8/changes.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-12886", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.gnu.org/software/gcc/gcc-8/changes.html", refsource: "MISC", url: "https://www.gnu.org/software/gcc/gcc-8/changes.html", }, { name: "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup", refsource: "CONFIRM", url: "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-12886", datePublished: "2019-05-22T18:42:10", dateReserved: "2018-06-26T00:00:00", dateUpdated: "2024-08-05T08:45:02.343Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1367
Vulnerability from cvelistv5
Published
2008-03-17 23:00
Modified
2024-08-07 08:17
Summary
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:17:34.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "30962", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30962", }, { name: "[gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html", }, { name: "[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html", }, { name: "[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058", }, { name: "[linux-kernel] 20080305 Linux doesn't follow x86/x86-64 ABI wrt direction flag", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lkml.org/lkml/2008/3/5/207", }, { name: "30850", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30850", }, { name: "30116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30116", }, { name: "RHSA-2008:0233", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0233.html", }, { name: "30110", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30110", }, { name: "SUSE-SA:2008:031", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html", }, { name: "ADV-2008-2222", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2222/references", }, { name: "[git-commits-head] 20080307 x86: clear DF before calling signal handler", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=git-commits-head&m=120492000901739&w=2", }, { name: "29084", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29084", }, { name: "gcc-cld-dos(41340)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41340", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=437312", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lwn.net/Articles/272048/#Comments", }, { name: "RHSA-2008:0211", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0211.html", }, { name: "oval:org.mitre.oval:def:11108", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108", }, { name: "30890", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30890", }, { name: "RHSA-2008:0508", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0508.html", }, { name: "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000023.html", }, { name: "SUSE-SA:2008:030", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51", }, { name: "31246", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31246", }, { name: "[gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html", }, { name: "30818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30818", }, { name: "SUSE-SA:2008:032", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-06T00:00:00", descriptions: [ { lang: "en", value: "gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. 
NOTE: this issue was originally reported for CPU consumption in SBCL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "30962", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30962", }, { name: "[gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html", }, { name: "[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html", }, { name: "[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058", }, { name: "[linux-kernel] 20080305 Linux doesn't follow x86/x86-64 ABI wrt direction flag", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lkml.org/lkml/2008/3/5/207", }, { name: "30850", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30850", }, { name: "30116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30116", }, { name: "RHSA-2008:0233", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0233.html", }, { name: "30110", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30110", }, { name: "SUSE-SA:2008:031", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html", }, { name: "ADV-2008-2222", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2222/references", }, { name: "[git-commits-head] 20080307 x86: clear DF before calling signal handler", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=git-commits-head&m=120492000901739&w=2", }, { name: "29084", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29084", }, { name: "gcc-cld-dos(41340)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41340", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=437312", }, { tags: [ "x_refsource_MISC", ], url: "http://lwn.net/Articles/272048/#Comments", }, { name: "RHSA-2008:0211", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0211.html", }, { name: "oval:org.mitre.oval:def:11108", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108", }, { name: "30890", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30890", }, { name: "RHSA-2008:0508", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0508.html", }, { name: "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000023.html", }, { name: "SUSE-SA:2008:030", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51", }, { name: "31246", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31246", }, { name: "[gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html", }, { name: "30818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30818", }, { name: "SUSE-SA:2008:032", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1367", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. 
NOTE: this issue was originally reported for CPU consumption in SBCL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "30962", refsource: "SECUNIA", url: "http://secunia.com/advisories/30962", }, { name: "[gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html", }, { name: "[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html", }, { name: "[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058", }, { name: "[linux-kernel] 20080305 Linux doesn't follow x86/x86-64 ABI wrt direction flag", refsource: "MLIST", url: "http://lkml.org/lkml/2008/3/5/207", }, { name: "30850", refsource: "SECUNIA", url: "http://secunia.com/advisories/30850", }, { name: "30116", refsource: "SECUNIA", url: "http://secunia.com/advisories/30116", }, { name: "RHSA-2008:0233", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0233.html", }, { name: "30110", refsource: "SECUNIA", url: "http://secunia.com/advisories/30110", }, { name: "SUSE-SA:2008:031", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html", }, { name: "ADV-2008-2222", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2222/references", }, { name: "[git-commits-head] 20080307 x86: clear DF before calling signal handler", refsource: "MLIST", url: "http://marc.info/?l=git-commits-head&m=120492000901739&w=2", }, { name: "29084", refsource: "BID", url: 
"http://www.securityfocus.com/bid/29084", }, { name: "gcc-cld-dos(41340)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41340", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=437312", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=437312", }, { name: "http://lwn.net/Articles/272048/#Comments", refsource: "MISC", url: "http://lwn.net/Articles/272048/#Comments", }, { name: "RHSA-2008:0211", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0211.html", }, { name: "oval:org.mitre.oval:def:11108", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108", }, { name: "30890", refsource: "SECUNIA", url: "http://secunia.com/advisories/30890", }, { name: "RHSA-2008:0508", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2008-0508.html", }, { name: "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", refsource: "MLIST", url: "http://lists.vmware.com/pipermail/security-announce/2008/000023.html", }, { name: "SUSE-SA:2008:030", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html", }, { name: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51", refsource: "CONFIRM", url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51", }, { name: "31246", refsource: "SECUNIA", url: "http://secunia.com/advisories/31246", }, { name: "[gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html", }, { name: "30818", refsource: "SECUNIA", url: "http://secunia.com/advisories/30818", }, { name: "SUSE-SA:2008:032", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1367", datePublished: "2008-03-17T23:00:00", dateReserved: "2008-03-17T00:00:00", dateUpdated: "2024-08-07T08:17:34.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5276
Vulnerability from cvelistv5
Published
2015-11-17 15:00
Modified
2024-08-06 06:41
Summary
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
References
URL | Tags
---|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1262846 | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html | vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1034375 | vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html | vendor-advisory, x_refsource_SUSE
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.262Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", }, { name: "openSUSE-SU-2015:1946", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", }, { name: "1034375", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034375", }, { name: "openSUSE-SU-2016:1069", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-10T00:00:00", descriptions: [ { lang: "en", value: "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-05T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", }, { name: "openSUSE-SU-2015:1946", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", }, { name: "1034375", 
tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034375", }, { name: "openSUSE-SU-2016:1069", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5276", datePublished: "2015-11-17T15:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37322
Vulnerability from cvelistv5
Published
2021-11-18 21:11
Modified
2024-08-04 01:16
Summary
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
References
URL | Tags
---|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:03.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T21:11:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188", refsource: "MISC", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37322", datePublished: "2021-11-18T21:11:21", dateReserved: "2021-07-21T00:00:00", dateUpdated: "2024-08-04T01:16:03.299Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-1902
Vulnerability from cvelistv5
Published
2006-04-20 10:00
Modified
2024-08-07 17:27
Summary
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
References
URL | Tags
---|---
http://www.securityfocus.com/archive/1/431297/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763 | x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/431245/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/431319/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896 | x_refsource_MISC
http://www.securityfocus.com/archive/1/431184/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html | mailing-list, x_refsource_MLIST
http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h | x_refsource_CONFIRM
http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html | mailing-list, x_refsource_MLIST
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T17:27:29.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20060418 Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/431297/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { name: "20060418 RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/431245/100/0/threaded", }, { name: "20060418 Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/431319/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896", }, { name: "20060417 gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/431184/100/0/threaded", }, { name: "[gcc-bugs] 20060417 [Bug c/27180] New: pointer arithmetic overflow handling broken", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h", }, { name: "[gcc-bugs] 20060417 [Bug middle-end/27180] New: pointer arithmetic overflow handling broken", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html", }, ], title: "CVE Program Container", }, ], 
cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-03-19T00:00:00", descriptions: [ { lang: "en", value: "fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is \"not correctly interpreting an offset to a pointer as a signed value.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-18T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20060418 Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/431297/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { name: "20060418 RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/431245/100/0/threaded", }, { name: "20060418 Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/431319/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896", }, { name: "20060417 gcc 4.1 bug miscompiles pointer range checks, may place you at risk", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/431184/100/0/threaded", }, { name: "[gcc-bugs] 20060417 [Bug c/27180] 
New: pointer arithmetic overflow handling broken", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h", }, { name: "[gcc-bugs] 20060417 [Bug middle-end/27180] New: pointer arithmetic overflow handling broken", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-1902", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is \"not correctly interpreting an offset to a pointer as a signed value.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20060418 Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/431297/100/0/threaded", }, { name: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", refsource: "CONFIRM", url: "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763", }, { name: "20060418 RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", 
refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/431245/100/0/threaded", }, { name: "20060418 Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/431319/100/0/threaded", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896", refsource: "MISC", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896", }, { name: "20060417 gcc 4.1 bug miscompiles pointer range checks, may place you at risk", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/431184/100/0/threaded", }, { name: "[gcc-bugs] 20060417 [Bug c/27180] New: pointer arithmetic overflow handling broken", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html", }, { name: "http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h", refsource: "CONFIRM", url: "http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h", }, { name: "[gcc-bugs] 20060417 [Bug middle-end/27180] New: pointer arithmetic overflow handling broken", refsource: "MLIST", url: "http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-1902", datePublished: "2006-04-20T10:00:00", dateReserved: "2006-04-20T00:00:00", dateUpdated: "2024-08-07T17:27:29.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2439
Vulnerability from cvelistv5
Published
2019-10-23 17:47
Modified
2024-08-08 04:06
Summary
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
References
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2002-2439 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2002-2439 | x_refsource_MISC |
| https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:06:54.588Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2002-2439", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2002-2439", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gcc", vendor: "GNU", versions: [ { status: "affected", version: "4.8.0", }, ], }, ], datePublic: "2005-01-09T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", }, ], problemTypes: [ { descriptions: [ { description: "Integer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-23T17:47:38", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2002-2439", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2002-2439", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2002-2439", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gcc", version: { version_data: [ { version_value: "4.8.0", }, ], }, }, ], }, vendor_name: "GNU", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", 
description: { description_data: [ { lang: "eng", value: "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Integer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://security-tracker.debian.org/tracker/CVE-2002-2439", refsource: "MISC", url: "https://security-tracker.debian.org/tracker/CVE-2002-2439", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", }, { name: "https://access.redhat.com/security/cve/cve-2002-2439", refsource: "MISC", url: "https://access.redhat.com/security/cve/cve-2002-2439", }, { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", refsource: "CONFIRM", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2002-2439", datePublished: "2019-10-23T17:47:38", dateReserved: "2012-01-04T00:00:00", dateUpdated: "2024-08-08T04:06:54.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-11671
Vulnerability from cvelistv5
Published
2017-07-26 21:00
Modified
2024-08-05 18:12
Summary
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
References
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2017/07/27/2 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100018 | vdb-entry, x_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:0849 | vendor-advisory, x_refsource_REDHAT |
| https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 | x_refsource_CONFIRM |
| https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:12:40.692Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2017/07/27/2", }, { name: "100018", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100018", }, { name: "RHSA-2018:0849", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0849", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-26T00:00:00", descriptions: [ { lang: "en", value: "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. 
This could potentially lead to less randomness in random number generation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://openwall.com/lists/oss-security/2017/07/27/2", }, { name: "100018", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100018", }, { name: "RHSA-2018:0849", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0849", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-11671", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. 
This could potentially lead to less randomness in random number generation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://openwall.com/lists/oss-security/2017/07/27/2", refsource: "CONFIRM", url: "http://openwall.com/lists/oss-security/2017/07/27/2", }, { name: "100018", refsource: "BID", url: "http://www.securityfocus.com/bid/100018", }, { name: "RHSA-2018:0849", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0849", }, { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", refsource: "CONFIRM", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", }, { name: "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", refsource: "CONFIRM", url: "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-11671", datePublished: "2017-07-26T21:00:00", dateReserved: "2017-07-26T00:00:00", dateUpdated: "2024-08-05T18:12:40.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }