
14 matches found

CVE | added 2023/09/13 8:5 a.m. | 597 views

CVE-2023-4039

CVE-2023-4039 describes a GCC stack-protector issue on AArch64: failure of -fstack-protector to detect buffer overflows in C99-style dynamically-sized locals/alloca, unlike static locals. The default overflow handling would terminate the process, but an attacker might influence control flow if an...

CVSS 4.8 | AI score 5.2 | EPSS 0.00666

CVE | added 2019/05/22 6:42 p.m. | 327 views

CVE-2018-12886

CVE-2018-12886: In GCC 4.1–8, on ARM targets, stack_protect_prologue/epilogue may spill the stack-protector guard address, enabling an attacker to bypass -fstack-protector families by controlling what the canary is compared against. Impact is stack overflow protection bypass; no exploitation deta...

CVSS 8.1 | AI score 8 | EPSS 0.02171

CVE | added 2019/09/02 10:3 p.m. | 312 views

CVE-2019-15847

CVE-2019-15847 affects the POWER9 backend of GCC, where the compiler could coalesce multiple __builtin_darn() calls into one due to an unspecified volatile operation, reducing random-number entropy. The GCC GLSA/Advisory notes that this issue stems from flawed code generation and can cause repeat...

CVSS 7.5 | AI score 7.1 | EPSS 0.03207

CVE | added 2022/03/26 12:0 a.m. | 228 views

CVE-2022-27943

CVE-2022-27943 is a stack consumption (stack exhaustion) vulnerability in libiberty/rust-demangle.c (Rust demangler) within GNU GCC 11.2, demonstrated by nm-new. Affected component: libiberty/rust-demangle.c; root cause: stack depth growth during demangling leading to exhaustion. Impact per docum...

CVSS 5.5 | AI score 6 | EPSS 0.00892

CVE | added 2017/07/26 9:0 p.m. | 206 views

CVE-2017-11671

CVE-2017-11671 affects GCC: the ix86_expand_builtin path in i386.c can generate RDRAND/RDSEED instruction sequences that clobber the status flag before being read, potentially causing reduced randomness. Documented in GCC bug reports and affected across GCC 4.6–4.9, 5 before 5.5, and 6 before 6.4...

CVSS 4 | AI score 4.1 | EPSS 0.00442

CVE | added 2022/09/01 12:0 a.m. | 167 views

CVE-2021-3826

CVE-2021-3826 is a heap/stack buffer overflow in libiberty’s dlang_lname function (d-demangle.c). A crafted mangled symbol can trigger a segmentation fault and crash, causing a denial of service. The issue is associated with GCC/binutils’ libiberty/demangling code and has been addressed in vendor...

CVSS 6.5 | AI score 6.3 | EPSS 0.0105

CVE | added 2022/01/14 7:16 p.m. | 137 views

CVE-2021-46195

CVE-2021-46195 affects GCC v12.0, specifically the libiberty/rust-demangle.c component. The issue is an uncontrolled recursion that allows a DoS by consuming CPU and memory. The provided connected Nessus entry for MiracleLinux 9 notes a linked advisory tying GCC 12.0.1-11.2.el9 to this CVE, confi...

CVSS 5.5 | AI score 5.2 | EPSS 0.00779

CVE | added 2021/11/18 9:11 p.m. | 104 views

CVE-2021-37322

CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.

CVSS 7.8 | AI score 7.6 | EPSS 0.00853

CVE | added 2019/10/23 5:47 p.m. | 97 views

CVE-2002-2439

CVE-2002-2439 describes an integer overflow in the C++ operator new[] in the GNU GCC compiler before 4.8.0, potentially allowing unspecified impacts. Affected software: GCC versions prior to 4.8.0. Root cause: integer overflow while calculating allocation size for new[] allocations. Impact as sta...

CVSS 7.8 | AI score 7.3 | EPSS 0.00548

CVE | added 2008/03/17 11:0 p.m. | 85 views

CVE-2008-1367

CVE-2008-1367 corresponds to a Linux kernel issue where gcc 4.3.x may not emit a cld instruction while compiling string manipulation code (e.g., memcpy/memmove), preventing the direction flag (DF) from being reset and potentially causing memory copy in the wrong direction during signal handling. ...

CVSS 7.5 | AI score 6 | EPSS 0.02791

CVE | added 2015/11/17 3:0 p.m. | 79 views

CVE-2015-5276

CVE-2015-5276: The std::random_device class in libstdc++ (GCC) before 4.9.4 does not properly handle short reads from blocking sources, which could allow context-dependent attackers to predict random values via unspecified vectors. Affected: GCC/libstdc++ prior to 4.9.4. Root cause: inadequate h...

CVSS 5 | AI score 7.5 | EPSS 0.02941

CVE | added 2006/04/20 10:0 a.m. | 78 views

CVE-2006-1902

CVE-2006-1902 affects GNU Compiler Collection (gcc) 4.1. The issue, described consistently across connected sources, is in fold_binary inside fold-const.c where pointer overflow occurs when folding a specific expression comparison to a corresponding offset comparison (excluding EQ_EXPR/NE_EXPR). ...

CVSS 2.1 | AI score 7 | EPSS 0.00418

CVE | added 2005/04/21 4:0 a.m. | 65 views

CVE-2000-1219

The CVE-2000-1219 entry documents a flaw in the -ftrapv option of gcc/g++ 3.3.3 and earlier that fails to handle all integer overflow types, potentially leaving applications vulnerable to overflow-related issues. Connected records confirm the affected component and root cause (incomplete handling...

CVSS 7.5 | AI score 6.7 | EPSS 0.01249

CVE | added 2008/04/06 11:0 p.m. | 60 views

CVE-2008-1685

CVE-2008-1685 affects GNU Compiler Collection versions 4.2.0–4.3.0. The issue is that when casts are not used, the sum of a pointer and an int may be considered >= the pointer, which can lead to removal of length-testing code intended as protection against integer overflow and buffer overflow,...

CVSS 6.8 | AI score 7.1 | EPSS 0.01253