CVE-2018-12886

Name: CVE-2018-12886
Description: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| gcc-4.8 (PTS) | jessie | 4.8.4-1 | vulnerable |
| gcc-4.9 (PTS) | jessie | 4.9.2-10+deb8u1 | vulnerable |
| gcc-4.9 | jessie (security) | 4.9.2-10+deb8u2 | vulnerable |
| gcc-6 (PTS) | stretch (security), stretch | 6.3.0-18+deb9u1 | vulnerable |
| gcc-7 (PTS) | buster | 7.4.0-6 | vulnerable |
| gcc-7 | bullseye, sid | 7.5.0-3 | vulnerable |
| gcc-8 (PTS) | buster | 8.3.0-6 | vulnerable |
| gcc-8 | bullseye, sid | 8.3.0-26 | vulnerable |
| gcc-snapshot (PTS) | sid | 1:20191130-1 | vulnerable |

The information below is based on the following data on fixed versions.

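| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gcc-4.8 | source | (unstable) | (unfixed) | | | |
| gcc-4.9 | source | (unstable) | (unfixed) | | | |
| gcc-6 | source | (unstable) | (unfixed) | | | |
| gcc-7 | source | (unstable) | (unfixed) | | | |
| gcc-8 | source | (unstable) | (unfixed) | | | |
| gcc-snapshot | source | (unstable) | (unfixed) | | | |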

Notes

[buster] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-7 <ignored> (Too intrusive to backport)
[stretch] - gcc-6 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.9 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.8 <ignored> (Too intrusive to backport)
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
