Buffer Overflow Vulnerability in GNU Compiler Collection
CVE-2008-1685

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
6 April 2008

Summary

The GNU Compiler Collection versions 4.2.0 to 4.3.0 exhibit a vulnerability where, in the absence of casts, the sum of a pointer and an integer is misjudged as greater than or equal to the pointer. This behavior can inadvertently eliminate essential length checks designed to guard against integer and buffer overflow attacks, facilitating potential security risks with no warning provided during compilation. While the vendor asserts compliance with the C99 standard, the implications of such behavior underscore critical vulnerabilities in software built with these compiler versions.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.