CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-4039 – GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
https://notcve.org/view.php?id=CVE-2023-4039
13 Sep 2023 — **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is... • https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 • CWE-693: Protection Mechanism Failure •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46195 – gcc: uncontrolled recursion in libiberty/rust-demangle.c
https://notcve.org/view.php?id=CVE-2021-46195
14 Jan 2022 — GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. Se ha detectado que GCC versión v12.0, contiene una recursión no controlada por medio del componente libiberty/rust-demangle.c. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) al consumir excesivos recursos de CPU y memoria A flaw was discovered in the ... • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 • CWE-674: Uncontrolled Recursion •