Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR
Vulnerability Description
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.
CVSS Information
N/A
Vulnerability Type
使用未经初始化的指针
Vulnerability Title
Mingw-w64 安全特征问题漏洞
Vulnerability Description
Mingw-w64是一套专用在Windows中的gcc运行环境。 Mingw-w64 5.0.4版本中所生成的可执行文件存在安全漏洞。远程攻击者可利用该漏洞实施返回导向编程攻击。
CVSS Information
N/A
Vulnerability Type
N/A