Source: Ubuntu.com (ubuntucve), UB:CVE-2018-12886
History: May 22, 2019 - 12:00 a.m.

CVE-2018-12886


CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low
Percentile: 69.0%

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in
function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain
circumstances) generate instruction sequences when targeting ARM targets
that spill the address of the stack protector guard, which allows an
attacker to bypass the protection of -fstack-protector,
-fstack-protector-all, -fstack-protector-strong, and
-fstack-protector-explicit against stack overflow by controlling what the
stack canary is compared against.

Notes

mdeslaur: Upstream has fixed this in GCC9 only as of 2019-05-30. 32-bit ARM only, risky backport, and would require archive rebuild. Setting priority as low for now, we may decide this issue is not worth fixing in stable releases.

sbeattie: 14.04 LTS (trusty) Pro Infra and 16.04 LTS (xenial) Pro Infra do not support 32-bit Arm as an architecture.
