Gcc
by GNU
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4487 | | Med | 0.36 | 5.5 | 0.02 | | Feb 24, 2017 | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." |
| CVE-2017-11671 | | Med | 0.26 | 4.0 | 0.00 | | Jul 26, 2017 | Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can… |
| CVE-2023-4039 | | | 0.00 | — | 0.01 | | Sep 13, 2023 | **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only… |
| CVE-2021-3826 | | | 0.00 | — | 0.01 | | Sep 1, 2022 | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. |
| CVE-2022-27943 | | | 0.00 | — | 0.01 | | Mar 26, 2022 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. |
| CVE-2021-46195 | | | 0.00 | — | 0.01 | | Jan 14, 2022 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. |
| CVE-2002-2439 | | | 0.00 | — | 0.01 | | Oct 23, 2019 | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. |
| CVE-2019-15847 | | | 0.00 | — | 0.03 | | Sep 2, 2019 | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For… |
| CVE-2018-12886 | | | 0.00 | — | 0.02 | | May 22, 2019 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows… |
| CVE-2015-5276 | | | 0.00 | — | 0.03 | | Nov 17, 2015 | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
| CVE-2008-1685 | | | 0.00 | — | 0.01 | | Apr 6, 2008 | gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer… |
| CVE-2008-1367 | | | 0.00 | — | 0.03 | | Mar 17, 2008 | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong… |
| CVE-2006-3619 | | | 0.00 | — | 0.04 | | Jul 25, 2006 | Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. |
| CVE-2006-1902 | | | 0.00 | — | 0.00 | | Apr 20, 2006 | fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into… |
| CVE-2000-1219 | | | 0.00 | — | 0.01 | | Nov 1, 2000 | The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. |