« List of all CVEs

CVE-2008-1685

Published: 4/6/2008 Last updated: 8/7/2024 Reserved: 4/6/2008

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (20)

conf-aarch64-linux-gnu-gcc conf-blas conf-c++ conf-g++ conf-gcc conf-gfortran conf-lapack conf-libgccjit conf-mingw-w64-gcc-i686 conf-mingw-w64-gcc-x86_64 conf-mingw-w64-g++-i686 conf-mingw-w64-g++-x86_64 conf-x86_64-linux-gnu-gcc farmhash irrlicht lbfgs libbinaryen re2 solo5-cross-aarch64 taglib

Products affected (1)

Product Vendor Version
n/a n/a n/a

References (6)