Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gcc
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-26 | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | Fedora, Gcc | 5.5 | ||
| 2022-01-14 | CVE-2021-46195 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. | Gcc | 5.5 | ||
| 2021-11-18 | CVE-2021-37322 | GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | Binutils, Gcc | 7.8 | ||
| 2019-05-22 | CVE-2018-12886 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | Gcc | 8.1 | ||
| 2019-09-02 | CVE-2019-15847 | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. | Gcc | 7.5 | ||
| 2019-10-23 | CVE-2002-2439 | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | Gcc | N/A | ||
| 2017-07-26 | CVE-2017-11671 | Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. | Gcc | 4.0 | ||
| 2015-11-17 | CVE-2015-5276 | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | Gcc | N/A | ||
| 2006-04-20 | CVE-2006-1902 | fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value." | Gcc | N/A | ||
| 2000-11-01 | CVE-2000-1219 | The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. | G\+\+, Gcc | N/A |