Buffer Overflow Vulnerability in GNU Compiler Collection 4.1
CVE-2006-1902

Currently unrated

Key Information:

Vendor: Gnu
Status: Gcc
Vendor: CVE Published:; 20 April 2006

What is CVE-2006-1902?

The GNU Compiler Collection (GCC) 4.1 has a vulnerability in the 'fold_binary' function within 'fold-const.c'. This vulnerability occurs due to improper handling of pointer overflow during expression comparisons, except for EQ_EXPR and NE_EXPR cases. As a result, applications might become susceptible to buffer overflow issues, potentially allowing context-dependent attackers to exploit these weaknesses. The core of the problem lies in the incorrect interpretation of pointer offsets as signed values, leading to serious security risks.

References

http://www.securityfocus.com/archive/1/431297/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/431245/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2006
Vulnerability Reserved
Apr 20, 2006

Gnu

What is CVE-2006-1902?

References

Timeline