apk package
chainguard/gcc-6-doc
pkg:apk/chainguard/gcc-6-doc
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4039 | — | < 6.5.0-r5 | 6.5.0-r5 | Sep 13, 2023 | **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only | ||
| CVE-2021-37322 | — | < 0 | 0 | Nov 18, 2021 | GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | ||
| CVE-2019-15847 | — | < 0 | 0 | Sep 2, 2019 | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For exam | ||
| CVE-2018-12886 | — | < 6.5.0-r5 | 6.5.0-r5 | May 22, 2019 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows |
- CVE-2023-4039Sep 13, 2023affected < 6.5.0-r5fixed 6.5.0-r5
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only
- CVE-2021-37322Nov 18, 2021affected < 0fixed 0
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
- CVE-2019-15847Sep 2, 2019affected < 0fixed 0
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For exam
- CVE-2018-12886May 22, 2019affected < 6.5.0-r5fixed 6.5.0-r5
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows