Описание
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | gcc | Not affected | ||
| Red Hat Enterprise Linux 4 | gcc4 | Not affected | ||
| Red Hat Enterprise Linux 5 | gcc | Not affected | ||
| Red Hat Enterprise Linux 5 | gcc44 | Not affected | ||
| Red Hat Enterprise Linux 6 | gcc | Not affected | ||
| Red Hat Enterprise Linux 7 | gcc | Not affected | ||
| Red Hat Enterprise Linux 8 | gcc | Not affected |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS3
Связанные уязвимости
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Уязвимость функций stack_protect_prologue и stack_protect_epilogue набора компиляторов для различных языков программирования GNU Compiler Collection (GCC), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
6.8 Medium
CVSS3