PT-2019-14433 · Gnu+4 · Gnu Compiler Collection+4
Jack Lloyd · Published 2019-09-02 · Updated 2024-06-15 · CVE-2019-15847
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GNU Compiler Collection (GCC) versions prior to 10
Description
The issue concerns the POWER9 backend in GNU Compiler Collection (GCC), where the optimizer could reduce the entropy of the random number generator by combining multiple calls of the `__builtin_darn` intrinsic into a single call. This happened because the operation was not marked as volatile. As a result, within a single program execution, every call to `__builtin_darn()` might produce the same output.
Recommendations
For versions prior to 10, update to version 10 or later to resolve the issue.
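The symptom in the description, several `__builtin_darn()` call sites yielding the same value, can be caught by a start-up self-test on the values a program actually drew. The following C code is an added example, not code from GCC or from this advisory; the function names (`longest_repeat_run`, `outputs_look_merged`, `draw_four`) are hypothetical and the constant used on non-POWER9 builds is constructed to model the merged case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length of the longest run of identical consecutive values in vals[0..n-1]. */
size_t longest_repeat_run(const uint64_t *vals, size_t n)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (i > 0 && vals[i] == vals[i - 1]) ? run + 1 : 1;
        if (run > best)
            best = run;
    }
    return best;
}

/* 1 if some value repeats `cutoff` or more times in a row, else 0.
   A healthy 64-bit source repeats an adjacent value with probability 2^-64. */
int outputs_look_merged(const uint64_t *vals, size_t n, size_t cutoff)
{
    return cutoff >= 2 && longest_repeat_run(vals, n) >= cutoff;
}

/* Four separate call sites in one function: the pattern the description
   says the optimizer could combine into a single call. */
void draw_four(uint64_t out[4])
{
#if defined(__GNUC__) && defined(__powerpc64__) && defined(_ARCH_PWR9)
    out[0] = (uint64_t)__builtin_darn();
    out[1] = (uint64_t)__builtin_darn();
    out[2] = (uint64_t)__builtin_darn();
    out[3] = (uint64_t)__builtin_darn();
#else
    /* Constructed stand-in for non-POWER9 builds: models the merged case. */
    uint64_t once = 0x1122334455667788ULL;
    out[0] = out[1] = out[2] = out[3] = once;
#endif
}

int main(void)
{
    uint64_t v[4];
    draw_four(v);
    int bad = outputs_look_merged(v, 4, 2);
    puts(bad ? "RNG self-test FAILED: repeated outputs" : "RNG self-test passed");
    return bad;
}
```

The check only sees the values drawn by the call sites it exercises, so it complements rather than replaces the upgrade recommended above.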
Fix
Weakness Enumeration
Related identifiers
Affected products
ALT Linux
CentOS
GNU Compiler Collection
Red Hat
SUSE