Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

xfocus-SD-060206.txt

🗓️ 08 Feb 2006 00:00:00Reported by xfocus.orgType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 45 Views

XFOCUS discovered vulnerability in BCB6 compiler due to incorrect handling of sizeof operator causing integer overflow

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Title:[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator  
vulnerability  
  
Affected version : <= BCB6+ent_upd4  
Vendor: http://borland.com/  
Url: http://www.xfocus.net/releases/200602/a849.html  
  
  
XFOCUS (http://www.xfocus.org) had already discovered  
a vulnerability in BCB6(ent_upd4) compiler.  
It maybe cause integer overflow if you misuse use sizeof operator.  
  
  
/**  
* check_compiler_sizeof_vulnerability.c  
*  
* Check compiler whether correct deal with sizeof operator,  
* which can cause integer overflow if you careless use !!!  
*  
* note: some old compiler have this vulnerability!!!!  
*  
* by [email protected]  
*  
* XFOCUS Security Team  
* http://www.xfocus.org  
*  
* already tested:  
*  
* BCB6+ent_upd4....................................vuln !!!  
* gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln  
* gcc version 2.95.3-4(cygwin special).............not vuln  
* gcc version egcs-2.91.66.........................not vuln  
* cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln  
* VC6+sp5..........................................not vuln ,thank eyas  
* lcc version 3.8..................................not vuln ,thank  
tombkeeper  
* evc4+sp4.........................................not vuln ,thank san  
*  
* REQUEST YOUR COMMENT:  
* VC6 not sp5......................................?  
* VC7..............................................?  
* evc not sp4......................................?  
* freebsd gcc version..............................?  
* openbsd gcc version..............................?  
* ...  
*/  
#include <stdio.h>  
  
int main(int argc, char *argv[])  
{  
int i =-1;  
  
printf("Check compiler whether correct deal with sizeof  
operator\n");  
printf(" by [email protected] \n\n");  
  
if (i > sizeof ( int ) )  
{  
printf("This compiler is not vuln\n");  
}else  
printf("This compiler is vuln!!!\n");  
  
getchar();  
  
return 0;  
}  
  
  
- --EOF  
  
- --  
  
Kind Regards,  
  
- ---  
XFOCUS Security Team  
http://www.xfocus.org  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.1 (GNU/Linux)  
  
iD8DBQFD51e5whDwaF6cSWIRAmbkAJ4sN66WOJMKPY4RjSq5p7TvdSGGigCfe5SU  
wolEFAITtYi8fWNND0uyO5c=  
=ibnF  
-----END PGP SIGNATURE-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Feb 2006 00:00Current
0.1Low risk
Vulners AI Score0.1
xfocusbcb6compilervulnerabilitysizeof operatorinteger overflow.
45