Integer Overflow Vulnerability in Libiberty Affects GCC Compiler
CVE-2016-2226

7.8HIGH

Key Information:

Vendor
Gnu
Status
Libiberty
Vendor
CVE Published:
24 February 2017

Summary

The vulnerability resides in the string_appends function within the libiberty component of GCC, where improper handling of integer variables can lead to an overflow. Attackers can exploit this by supplying a specially crafted executable that triggers a buffer overflow, allowing arbitrary code execution. This could lead to severe consequences including unauthorized access to system resources.

References

https://www.exploit-db.com/exploits/42386/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/90103
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/05/05/5
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.