CVE-2023-4039
GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains
that target AArch64 allows an attacker to exploit an existing buffer
overflow in dynamically-sized local variables in your application
without this being detected. This stack-protector failure only applies
to C99-style dynamically-sized local variables or those created using
alloca(). The stack-protector operates as intended for statically-sized
local variables.
The default behavior when the stack-protector
detects an overflow is to terminate your application, resulting in
controlled loss of availability. An attacker who can exploit a buffer
overflow without triggering the stack-protector might be able to change
program flow control to cause an uncontrolled loss of availability or to
go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Una falla en la función -fstack-protector en cadenas de herramientas basadas en GCC que apuntan a AArch64 permite a un atacante explotar un Desbordamiento de Búfer existente en variables locales de tamaño dinámico en su aplicación sin que esto sea detectado. Esta falla del protector de pila solo se aplica a variables locales de tamaño dinámico estilo C99 o aquellas creadas usando alloca(). El protector de pila funciona según lo previsto para variables locales de tamaño estático. El comportamiento predeterminado cuando el protector de pila detecta un desbordamiento es finalizar su aplicación, lo que resulta en una pérdida controlada de disponibilidad. Un atacante que pueda aprovechar un Desbordamiento del Búfer sin activar el protector de pila podría cambiar el control de flujo del programa para provocar una pérdida incontrolada de disponibilidad o ir más allá y afectar la confidencialidad o la integridad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-01 CVE Reserved
- 2023-09-13 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-693: Protection Mechanism Failure
CAPEC
- CAPEC-100: Overflow Buffers
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnu Search vendor "Gnu" | Gcc Search vendor "Gnu" for product "Gcc" | < 2023-09-12 Search vendor "Gnu" for product "Gcc" and version " < 2023-09-12" | arm64 |
Affected
|