CVE-2023-4039

CVE-2023-4039 describes a GCC stack-protector issue on AArch64: failure of -fstack-protector to detect buffer overflows in C99-style dynamically-sized locals/alloca, unlike static locals. The default overflow handling would terminate the process, but an attacker might influence control flow if an...

CVE-2019-15847

CVE-2019-15847 affects the POWER9 backend of GCC, where the compiler could coalesce multiple __builtin_darn() calls into one due to an unspecified volatile operation, reducing random-number entropy. The GCC GLSA/Advisory notes that this issue stems from flawed code generation and can cause repeat...

CVE-2021-37322

CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.

CVE-2002-2439

CVE-2002-2439 describes an integer overflow in the C++ operator new[] in the GNU GCC compiler before 4.8.0, potentially allowing unspecified impacts. Affected software: GCC versions prior to 4.8.0. Root cause: integer overflow while calculating allocation size for new[] allocations. Impact as sta...

CVE-2015-5276

CVE-2015-5276 : The std::random_device class in libstdc++ (GCC) before 4.9.4 does not properly handle short reads from blocking sources, which could allow context-dependent attackers to predict random values via unspecified vectors. Affected: GCC/libstdc++ prior to 4.9.4. Root cause: inadequate h...