Buffer Overflow Vulnerability in GNU Compiler Collection
CVE-2008-1685

Currently unrated

Key Information:

Vendor: Gnu
Status: Gcc
Vendor: CVE Published:; 6 April 2008

Summary

The GNU Compiler Collection versions 4.2.0 to 4.3.0 exhibit a vulnerability where, in the absence of casts, the sum of a pointer and an integer is misjudged as greater than or equal to the pointer. This behavior can inadvertently eliminate essential length checks designed to guard against integer and buffer overflow attacks, facilitating potential security risks with no warning provided during compilation. While the vendor asserts compliance with the C99 standard, the implications of such behavior underscore critical vulnerabilities in software built with these compiler versions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41686

vdb-entryx_refsource_XF

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763

x_refsource_MISC

http://www.kb.cert.org/vuls/id/162289

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Apr 6, 2008
Vulnerability Reserved
Apr 6, 2008