CVE-2023-4039

Name: CVE-2023-4039

Description: **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

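| Source Package | Release | Version | Status |
|---|---|---|---|
| gcc-10 (PTS) | bullseye | 10.2.1-6 | vulnerable |
| gcc-11 (PTS) | bookworm | 11.3.0-12 | vulnerable |
| gcc-11 (PTS) | sid | 11.5.0-1 | fixed |
| gcc-12 (PTS) | bookworm | 12.2.0-14 | vulnerable |
| gcc-12 (PTS) | sid, trixie | 12.4.0-2 | fixed |
| gcc-13 (PTS) | sid, trixie | 13.3.0-11 | fixed |
| gcc-7 (PTS) | buster | 7.4.0-6 | vulnerable |
| gcc-8 (PTS) | buster | 8.3.0-6 | vulnerable |
| gcc-9 (PTS) | bullseye | 9.3.0-22 | vulnerable |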

The information below is based on the following data on fixed versions.

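| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gcc-10 | source | (unstable) | 10.5.0-3 | unimportant | | |
| gcc-11 | source | (unstable) | 11.4.0-4 | unimportant | | |
| gcc-12 | source | (unstable) | 12.3.0-9 | unimportant | | |
| gcc-13 | source | (unstable) | 13.2.0-4 | unimportant | | |
| gcc-7 | source | (unstable) | (unfixed) | unimportant | | |
| gcc-8 | source | (unstable) | (unfixed) | unimportant | | |
| gcc-9 | source | (unstable) | 9.5.0-6 | unimportant | | |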

Notes

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
Not considered a security issue by GCC upstream
https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
