Buffer Overflow Vulnerability in GNU Compiler Collection
CVE-2008-1685
Currently unrated
Summary
The GNU Compiler Collection versions 4.2.0 to 4.3.0 exhibit a vulnerability where, in the absence of casts, the sum of a pointer and an integer is misjudged as greater than or equal to the pointer. This behavior can inadvertently eliminate essential length checks designed to guard against integer and buffer overflow attacks, facilitating potential security risks with no warning provided during compilation. While the vendor asserts compliance with the C99 standard, the implications of such behavior underscore critical vulnerabilities in software built with these compiler versions.
References
Timeline
Vulnerability published
Vulnerability Reserved