Name | CVE-2023-4039 |
Description | **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
gcc-10 (PTS) | bullseye | 10.2.1-6 | vulnerable |
gcc-11 (PTS) | bookworm | 11.3.0-12 | vulnerable |
gcc-11 (PTS) | sid, trixie | 11.5.0-1 | fixed |
gcc-12 (PTS) | bookworm | 12.2.0-14 | vulnerable |
gcc-12 (PTS) | sid, trixie | 12.4.0-2 | fixed |
gcc-13 (PTS) | sid, trixie | 13.3.0-6 | fixed |
gcc-9 (PTS) | bullseye | 9.3.0-22 | vulnerable |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
gcc-10 | source | (unstable) | 10.5.0-3 | | | |
gcc-11 | source | (unstable) | 11.4.0-4 | | | |
gcc-12 | source | (unstable) | 12.3.0-9 | | | |
gcc-13 | source | (unstable) | 13.2.0-4 | | | |
gcc-7 | source | (unstable) | (unfixed) | | | |
gcc-8 | source | (unstable) | (unfixed) | | | |
gcc-9 | source | (unstable) | 9.5.0-6 | | | |
Notes
[bookworm] - gcc-12 <no-dsa> (Minor issue)
[bookworm] - gcc-11 <no-dsa> (Minor issue)
[bullseye] - gcc-10 <no-dsa> (Minor issue)
[bullseye] - gcc-9 <no-dsa> (Minor issue)
[buster] - gcc-8 <no-dsa> (Minor issue)
[buster] - gcc-7 <no-dsa> (Minor issue)
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf