PT-2023-5294 · Gcc+5
Azeria-Labs +2
Published: 2023-09-12 · Updated: 2026-01-27
CVE-2023-4039
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GCC versions prior to the fixed version
Description
A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in an application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate the application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
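The three kinds of local buffer the description distinguishes, shown side by side with an explicit length check. This is an added example, not code from the advisory or from GCC; the function names and MAX_FIELD are hypothetical.

```c
/* Added example; function names and MAX_FIELD are hypothetical. */
#include <alloca.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 64 /* assumed upper bound on input length */

/* Shared length check: zero-length VLAs are undefined behaviour. */
static int len_ok(size_t n) { return n > 0 && n <= MAX_FIELD; }

/* Statically-sized local: the stack-protector operates as intended here. */
int copy_fixed(const char *src, size_t n, char *out)
{
    char buf[MAX_FIELD];
    if (!len_ok(n)) return -1;
    memcpy(buf, src, n);
    memcpy(out, buf, n);
    return (int)n;
}

/* C99 dynamically-sized local: the class affected on AArch64, so the
 * length check is the only thing standing between input and overflow. */
int copy_vla(const char *src, size_t n, char *out)
{
    if (!len_ok(n)) return -1;
    char buf[n];
    memcpy(buf, src, n);
    memcpy(out, buf, n);
    return (int)n;
}

/* alloca(): same affected class as the VLA above. */
int copy_alloca(const char *src, size_t n, char *out)
{
    if (!len_ok(n)) return -1;
    char *buf = alloca(n);
    memcpy(buf, src, n);
    memcpy(out, buf, n);
    return (int)n;
}

int main(void)
{
    char out[MAX_FIELD];
    printf("fixed=%d vla=%d alloca=%d oversize=%d\n",
           copy_fixed("abcd", 4, out), copy_vla("abcd", 4, out),
           copy_alloca("abcd", 4, out), copy_vla("abcd", MAX_FIELD + 1, out));
    return 0;
}
```

Building with GCC's -Wvla and -Walloca warnings flags the second and third functions, which helps locate code in the affected class.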
Exploit
Protection Mechanism Failure
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Gcc
Linuxmint
Red Os
Suse
Ubuntu