5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
37.1%
mingw-w64 produces a executable Windows files without a relocations table by default, which breaks compatibility with ASLR.
ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the “Dynamic base” PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.
Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:
Force mingw-w64 to retain the relocations table
mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program’s source code:
__declspec(dllexport)
This line will cause the following function to be exported. When generating an executable that exports a function name, mingw-w64 will not strip the relocations table.
307144
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 23, 2018 Updated: August 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: August 01, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
Notified: July 26, 2018 Updated: July 26, 2018
Unknown
We have not received a statement from the vendor.
View all 22 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
CVE IDs: | CVE-2018-5392 |
---|---|
Date Public: | 2013-06-09 Date First Published: |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
37.1%