CVE-2023-4039

NameCVE-2023-4039
Description**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gcc-10 (PTS)bullseye10.2.1-6vulnerable
sid10.5.0-3fixed
gcc-11 (PTS)bookworm11.3.0-12vulnerable
sid, trixie11.4.0-7fixed
gcc-12 (PTS)bookworm12.2.0-14vulnerable
sid, trixie12.3.0-14fixed
gcc-13 (PTS)trixie13.2.0-13fixed
sid13.2.0-16.1fixed
gcc-7 (PTS)buster7.4.0-6vulnerable
gcc-8 (PTS)buster8.3.0-6vulnerable
gcc-9 (PTS)bullseye9.3.0-22vulnerable
sid9.5.0-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gcc-10source(unstable)10.5.0-3
gcc-11source(unstable)11.4.0-4
gcc-12source(unstable)12.3.0-9
gcc-13source(unstable)13.2.0-4
gcc-7source(unstable)(unfixed)
gcc-8source(unstable)(unfixed)
gcc-9source(unstable)(unfixed)

Notes

[bookworm] - gcc-12 <no-dsa> (Minor issue)
[bookworm] - gcc-11 <no-dsa> (Minor issue)
[bullseye] - gcc-10 <no-dsa> (Minor issue)
[bullseye] - gcc-9 <no-dsa> (Minor issue)
[buster] - gcc-8 <no-dsa> (Minor issue)
[buster] - gcc-7 <no-dsa> (Minor issue)
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf

Search for package or bug name: Reporting problems