Name | CVE-2023-4039 |
Description |
A failure in the -fstack-protector feature in GCC-based toolchains
that target AArch64 allows an attacker to exploit an existing buffer
overflow in dynamically-sized local variables in your application
without this being detected. This stack-protector failure only applies
to C99-style dynamically-sized local variables or those created using
alloca(). The stack-protector operates as intended for statically-sized
local variables.
The default behavior when the stack-protector
detects an overflow is to terminate your application, resulting in
controlled loss of availability. An attacker who can exploit a buffer
overflow without triggering the stack-protector might be able to change
program flow control to cause an uncontrolled loss of availability or to
go further and affect confidentiality or integrity.
|
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
gcc-10 (PTS) | bullseye | 10.2.1-6 | vulnerable |
gcc-10 (PTS) | sid | 10.5.0-2 | vulnerable |
gcc-11 (PTS) | bookworm | 11.3.0-12 | vulnerable |
gcc-11 (PTS) | sid, trixie | 11.4.0-4 | fixed |
gcc-12 (PTS) | bookworm | 12.2.0-14 | vulnerable |
gcc-12 (PTS) | sid, trixie | 12.3.0-9 | fixed |
gcc-13 (PTS) | sid, trixie | 13.2.0-4 | fixed |
gcc-7 (PTS) | buster | 7.4.0-6 | vulnerable |
gcc-8 (PTS) | buster | 8.3.0-6 | vulnerable |
gcc-9 (PTS) | bullseye | 9.3.0-22 | vulnerable |
gcc-9 (PTS) | sid | 9.5.0-4 | vulnerable |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
gcc-10 | source | (unstable) | (unfixed) | | | |
gcc-11 | source | (unstable) | 11.4.0-4 | | | |
gcc-12 | source | (unstable) | 12.3.0-9 | | | |
gcc-13 | source | (unstable) | 13.2.0-4 | | | |
gcc-7 | source | (unstable) | (unfixed) | | | |
gcc-8 | source | (unstable) | (unfixed) | | | |
gcc-9 | source | (unstable) | (unfixed) | | | |
Notes
[bookworm] - gcc-12 <no-dsa> (Minor issue)
[bookworm] - gcc-11 <no-dsa> (Minor issue)
[bullseye] - gcc-10 <no-dsa> (Minor issue)
[bullseye] - gcc-9 <no-dsa> (Minor issue)
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf