CVE-2002-2439

Name: CVE-2002-2439
Description: Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 710830

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
gcc-4.1  source  (unstable)  (unfixed)
gcc-4.3  source  (unstable)  (unfixed)
gcc-4.4  source  (unstable)  (unfixed)      low
gcc-4.6  source  (unstable)  (unfixed)      low
gcc-4.7  source  (unstable)  (unfixed)      low              710830
gcc-4.8  source  (unstable)  4.8.0-1        low

Notes

[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
[squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
[squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
[wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
[wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
[wheezy] - gcc-4.7 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
Are there apps known to be exploitable through this?
Any application using unguarded memory allocation would be susceptible to DoS anyway?
This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is properly rebuilt with a fixed version from the start.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
