PT-2008-1164 · Gnu · Gnu Compiler Collection
Felix Von Leitner +1 · Published 2008-04-06 · Updated 2024-08-07 · CVE-2008-1685
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
GNU Compiler Collection versions 4.2.0 through 4.3.0
Description
The issue is that, when casts are not used, the compiler treats the sum of a pointer and an integer as greater than or equal to the pointer. This might lead to the removal of length testing code intended as a protection mechanism against integer overflow and buffer overflow attacks. The vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard. Exploitation of this issue could allow a remote attacker to cause a denial of service or other impact.
Recommendations
For GNU Compiler Collection versions 4.2.0 through 4.3.0, consider using casts when performing pointer and integer operations to avoid unintended removal of length testing code. As a temporary workaround, manually review code generated by the compiler to ensure that protection mechanisms against integer overflow and buffer overflow attacks are not removed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
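The length test described above, next to two forms that survive optimization, as an added example (not code from the advisory or from GCC). The function names and `sample_buf` are hypothetical, and the cast form assumes a flat address space where `uintptr_t` and `size_t` have the same width.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer for the demonstration (not from the advisory). */
static char sample_buf[64];
#define SAMPLE_END (sample_buf + sizeof sample_buf)

/* Fragile form (hypothetical name). Forming buf + len beyond the end of the
 * object is undefined under C99 6.5.6, so the compiler may assume
 * buf + len >= buf and delete the first test without any diagnostic. */
int fits_fragile(const char *buf, const char *buf_end, size_t len)
{
    if (buf + len < buf)              /* wraparound test: may be removed */
        return 0;
    return buf + len <= buf_end;
}

/* Cast form: the arithmetic is done on unsigned integers, where wraparound
 * is defined, so the overflow test cannot be assumed away. */
int fits_cast(const char *buf, const char *buf_end, size_t len)
{
    uintptr_t start = (uintptr_t)buf, end = (uintptr_t)buf_end;
    if (start + len < start)          /* well-defined wraparound test */
        return 0;
    return start + len <= end;
}

/* Alternative without any pointer addition: compare against the space left. */
int fits_remaining(const char *buf, const char *buf_end, size_t len)
{
    return len <= (size_t)(buf_end - buf);
}

int main(void)
{
    size_t huge = SIZE_MAX - 8;       /* constructed oversized length */
    /* fits_fragile is only called with an in-range length: calling it with
     * `huge` would itself be undefined behaviour. */
    printf("fragile(16)=%d cast(16)=%d remaining(16)=%d\n",
           fits_fragile(sample_buf, SAMPLE_END, 16),
           fits_cast(sample_buf, SAMPLE_END, 16),
           fits_remaining(sample_buf, SAMPLE_END, 16));
    printf("cast(huge)=%d remaining(huge)=%d\n",
           fits_cast(sample_buf, SAMPLE_END, huge),
           fits_remaining(sample_buf, SAMPLE_END, huge));
    return 0;
}
```

Comparing the optimized assembly of `fits_fragile` with that of `fits_cast` is a direct way to carry out the manual review of generated code that the recommendation calls for.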
Buffer Overflow
Affected Products
Gnu Compiler Collection