Memory Corruption Vulnerability in GCC Product from GNU
CVE-2008-1367

Currently unrated

Key Information:

Vendor
Gnu
Status
Gcc
Vendor
CVE Published:
17 March 2008

Summary

In GCC versions 4.3.x, a flaw exists in the compilation of string manipulation functions such as memcpy and memmove for x86 and i386 architectures. This issue arises due to the absence of a 'cld' instruction, preventing the direction flag from being reset according to ABI conventions. Consequently, during signal handling in the Linux kernel, data may be copied in the wrong direction, which can lead to memory corruption that could be exploited by context-dependent attackers. It is crucial for users of affected GCC versions to be aware of this vulnerability and consider applying appropriate mitigations.

References

http://secunia.com/advisories/30962
third-party-advisoryx_refsource_SECUNIA
http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
mailing-listx_refsource_MLIST
http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.