CVE-2018-12886

Name: CVE-2018-12886
Description: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| gcc-6 (PTS) | stretch (security), stretch | 6.3.0-18+deb9u1 | vulnerable |
| gcc-7 (PTS) | buster | 7.4.0-6 | vulnerable |
| gcc-8 (PTS) | buster | 8.3.0-6 | vulnerable |

The information below is based on the following data on fixed versions.

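| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gcc-4.8 | source | (unstable) | (unfixed) | | | |
| gcc-4.9 | source | (unstable) | (unfixed) | | | |
| gcc-6 | source | (unstable) | (unfixed) | | | |
| gcc-7 | source | (unstable) | (unfixed) | | | |
| gcc-8 | source | (unstable) | (unfixed) | | | |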

Notes

[bullseye] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-7 <ignored> (Too intrusive to backport)
[stretch] - gcc-6 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.9 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.8 <ignored> (Too intrusive to backport)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434
https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2
