Vulnerabilities > GNU > GCC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-13 | CVE-2023-4039 | Unspecified vulnerability in GNU GCC **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. | 4.8 |
| 2022-09-01 | CVE-2021-3826 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | 6.5 |
| 2022-03-26 | CVE-2022-27943 | Uncontrolled Recursion vulnerability in multiple products libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | 5.5 |
| 2022-01-14 | CVE-2021-46195 | Uncontrolled Recursion vulnerability in GNU GCC 12.0 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. | 4.3 |
| 2021-11-18 | CVE-2021-37322 | Use After Free vulnerability in GNU Binutils GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | 6.8 |
| 2019-10-23 | CVE-2002-2439 | Integer Overflow or Wraparound vulnerability in GNU GCC Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | 4.6 |
| 2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in GNU GCC The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | 5.0 |
| 2019-05-22 | CVE-2018-12886 | Information Exposure Through an Error Message vulnerability in GNU GCC stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | 6.8 |
| 2015-11-17 | CVE-2015-5276 | Information Exposure vulnerability in GNU GCC The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | 5.0 |