Unrated severityNVD Advisory· Published May 22, 2019· Updated Aug 5, 2024
CVE-2018-12886
CVE-2018-12886
Description
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Affected products
17- Free Software Foundation/GNU Compiler Collection (GCC)description
- osv-coords16 versionspkg:apk/chainguard/gcc-6pkg:apk/chainguard/gcc-6-docpkg:apk/chainguard/gcj-6pkg:apk/chainguard/libgcj-6pkg:apk/chainguard/libstdc%2B%2B-6pkg:apk/chainguard/libstdc%2B%2B-6-devpkg:apk/chainguard/libstdc++-6pkg:apk/chainguard/libstdc++-6-devpkg:apk/wolfi/gcc-6pkg:apk/wolfi/gcc-6-docpkg:apk/wolfi/gcj-6pkg:apk/wolfi/libgcj-6pkg:apk/wolfi/libstdc%2B%2B-6pkg:apk/wolfi/libstdc%2B%2B-6-devpkg:apk/wolfi/libstdc++-6pkg:apk/wolfi/libstdc++-6-dev
< 6.5.0-r5+ 15 more
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
- (no CPE)range: < 6.5.0-r5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.hmitrex_refsource_CONFIRM
- www.gnu.org/software/gcc/gcc-8/changes.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.