Vulnerabilities > GNU > GCC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-13 | CVE-2023-4039 | Unspecified vulnerability in GNU GCC **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. | 4.8 |
| 2022-09-01 | CVE-2021-3826 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | 6.5 |
| 2022-03-26 | CVE-2022-27943 | Uncontrolled Recursion vulnerability in multiple products libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | 5.5 |
| 2022-01-14 | CVE-2021-46195 | Uncontrolled Recursion vulnerability in GNU GCC 12.0 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. | 4.3 |
| 2021-11-18 | CVE-2021-37322 | Use After Free vulnerability in GNU Binutils GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | 6.8 |
| 2019-10-23 | CVE-2002-2439 | Integer Overflow or Wraparound vulnerability in GNU GCC Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | 4.6 |
| 2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in GNU GCC The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | 5.0 |
| 2019-05-22 | CVE-2018-12886 | Information Exposure Through an Error Message vulnerability in GNU GCC stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | 6.8 |
| 2017-07-26 | CVE-2017-11671 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. | 2.1 |
| 2015-11-17 | CVE-2015-5276 | Information Exposure vulnerability in GNU GCC The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | 5.0 |