Name | CVE-2018-12886 |
Description | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |

The table below lists information on source packages.

Source Package | Release | Version | Status |
---|---|---|---|
gcc-4.8 (PTS) | jessie | 4.8.4-1 | vulnerable |
gcc-4.9 (PTS) | jessie, jessie (lts) | 4.9.2-10+deb8u2 | vulnerable |
gcc-6 (PTS) | stretch (security), stretch (lts), stretch | 6.3.0-18+deb9u1 | vulnerable |
gcc-7 (PTS) | buster | 7.4.0-6 | vulnerable |
gcc-8 (PTS) | buster | 8.3.0-6 | vulnerable |

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
gcc-4.8 | source | (unstable) | (unfixed) | | | |
gcc-4.9 | source | (unstable) | (unfixed) | | | |
gcc-6 | source | (unstable) | (unfixed) | | | |
gcc-7 | source | (unstable) | (unfixed) | | | |
gcc-8 | source | (unstable) | (unfixed) | | | |

[bullseye] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-7 <ignored> (Too intrusive to backport)
[stretch] - gcc-6 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.9 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.8 <ignored> (Too intrusive to backport)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434
https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2