- Snyk ID SNYK-DEBIAN10-GCC8-347558
- published 22 May 2019
- disclosed 22 May 2019
How to fix?
There is no fixed version for
Note: Versions mentioned in the description apply only to the upstream gcc-8 package and not the gcc-8 package as distributed by
How to fix? for Debian:10 relevant fixed versions and status.
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
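An audit heuristic for the pattern described above, added here as an example and not taken from the advisory or from GCC: it flags functions whose canary compare reads the guard through a pointer that was itself reloaded from the stack frame. The listing format, the function names and the sp/fp/r11 frame-base convention are assumptions, and the sample listing is constructed.

```python
import re

LOAD = re.compile(r"ldr\s+(\w+),\s*\[(\w+)(?:,\s*#-?\w+)?\]")
CHECK = re.compile(r"(?:cmp|eors?)\s+(?:\w+,\s*)?(\w+),\s*(\w+)$")
WRITE = re.compile(r"(?:mov|add|sub|ldr)\w*\s+(\w+),")

def spilled_guard_functions(listing):
    """Heuristic: functions whose canary compare uses a guard pointer reloaded from the frame."""
    state, func, origin = {}, None, {}
    for raw in listing.splitlines():
        line = raw.split("@")[0].strip()          # '@' starts a GNU ARM comment
        label = re.fullmatch(r"(\w+):", line)     # local labels (.L4:) do not match
        if label:
            func, origin = label.group(1), {}
            state[func] = [False, False]          # [has protector, suspicious compare]
        elif func and "__stack_chk_fail" in line:
            state[func][0] = True
        elif func and CHECK.match(line):
            a, b = CHECK.match(line).groups()
            # saved canary (from the frame) compared with *pointer-from-the-frame
            if {origin.get(a), origin.get(b)} == {"frame", "via_frame"}:
                state[func][1] = True
        elif func and LOAD.match(line):
            dst, base = LOAD.match(line).groups()
            origin[dst] = ("frame" if base in ("sp", "fp", "r11") else
                           "via_frame" if origin.get(base) == "frame" else "other")
        elif func and WRITE.match(line):
            origin[WRITE.match(line).group(1)] = "other"
    return [name for name, (prot, susp) in state.items() if prot and susp]

# Constructed, simplified ARM listings (not compiler output from the page).
SAMPLE = """
copy_ok:
    ldr r3, .L5          @ guard address recomputed from the literal pool
    ldr r2, [sp, #12]    @ canary copy saved in the frame
    ldr r3, [r3]
    cmp r2, r3
.L4:
    bl __stack_chk_fail
copy_spilled:
    ldr r3, [sp, #4]     @ guard address reloaded from a spill slot
    ldr r2, [sp, #12]
    ldr r3, [r3]
    cmp r2, r3
.L8:
    bl __stack_chk_fail
"""

print(spilled_guard_functions(SAMPLE))
```

A hit only marks a function for manual review: an ordinary local pointer compared against a local value produces the same shape.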