漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
Vulnerability Description
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
保护机制失效
Vulnerability Title
GCC 安全漏洞
Vulnerability Description
GCC是一个 GNU 编译器集合。主要用于编译 C 和 C++ 语言。 GCC存在安全漏洞,该漏洞源于存在缓冲区溢出,可能导致可用性不受控制的损失或进一步影响机密性或完整性。
CVSS Information
N/A
Vulnerability Type
N/A