7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%
gcc 4.3.x does not generate a cld instruction while compiling functions
used for string manipulation such as memcpy and memmove on x86 and i386,
which can prevent the direction flag (DF) from being reset in violation of
ABI conventions and cause data to be copied in the wrong direction during
signal handling in the Linux kernel, which might allow context-dependent
attackers to trigger memory corruption. NOTE: this issue was originally
reported for CPU consumption in SBCL.
Author | Note |
---|---|
jdstrand | glibc part should be glibc 2.7-7 only use a low priority, since gcc-4.3 seems to be what is triggering it |