PT-2019-6470 · Gnu+1 · Gcc+1

Published 2014-03-15 · Updated 2019-10-31 · CVE-2002-2439

CVSS v2.0: 4.6 Medium
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
gcc versions prior to 4.8.0

Description
The issue is related to an integer overflow in the new[] operator, which can lead to heap overflows and security bugs. When a new array is allocated, the C++ run-time calculates its size, but if the product exceeds the maximum value that can be stored in a machine register, the error is ignored, and the truncated value is used for the heap allocation.

Recommendations
For gcc versions prior to 4.8.0, update to version 4.8.0 or later to resolve the issue. As a temporary workaround, consider implementing additional checks to prevent integer overflows when using the new[] operator. Restrict access to sensitive data and functions that utilize the new[] operator to minimize the risk of exploitation.
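
One way to implement the additional check from the workaround, shown next to the truncated size computation from the description. This is an added example, not code from the advisory or from GCC; `Record`, `hostile_count` and the three helper functions are hypothetical names, and the element count is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <new>

// Hypothetical 16-byte element type (assumption for this example).
struct Record { std::uint64_t id; std::uint64_t value; };

// Byte size as computed without an overflow check: the product wraps
// modulo 2^N and the truncated value is what reaches the allocator.
template <typename T>
std::size_t unchecked_array_bytes(std::size_t count) {
    return count * sizeof(T);  // unsigned wrap-around, no error raised
}

// Workaround check: accept only counts whose byte size is representable.
template <typename T>
bool array_size_fits(std::size_t count) {
    return count <= std::numeric_limits<std::size_t>::max() / sizeof(T);
}

// Checked stand-in for new T[count]: returns nullptr rather than an
// undersized buffer when the size would overflow or allocation fails.
template <typename T>
T* checked_new_array(std::size_t count) {
    if (!array_size_fits<T>(count)) return nullptr;
    return new (std::nothrow) T[count]();  // value-initialised elements
}

// Constructed input: an untrusted count one element past the wrap point,
// so count * sizeof(Record) truncates to the size of a single Record.
std::size_t hostile_count() {
    return std::numeric_limits<std::size_t>::max() / sizeof(Record) + 2;
}

int main() {
    const std::size_t n = hostile_count();
    std::printf("requested elements : %zu\n", n);
    std::printf("truncated byte size: %zu\n", unchecked_array_bytes<Record>(n));
    std::printf("check accepts count: %s\n", array_size_fits<Record>(n) ? "yes" : "no");
    Record* p = checked_new_array<Record>(n);
    std::printf("checked allocation : %s\n", p ? "allocated" : "refused");
    delete[] p;
    return 0;
}
```

The division-based test is done before the multiplication, so it cannot itself overflow.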

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1297
CVE-2002-2439

Affected Products

Alt Linux
Gcc