CVE-2018-12886

Published: 5/22/2019 Last updated: 8/5/2024 Reserved: 6/26/2018

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (20)

conf-aarch64-linux-gnu-gcc conf-blas conf-c++ conf-g++ conf-gcc conf-gfortran conf-lapack conf-libgccjit conf-mingw-w64-gcc-i686 conf-mingw-w64-gcc-x86_64 conf-mingw-w64-g++-i686 conf-mingw-w64-g++-x86_64 conf-x86_64-linux-gnu-gcc farmhash irrlicht lbfgs libbinaryen re2 solo5-cross-aarch64 taglib

Products affected (1)

Product	Vendor	Version
n/a	n/a	SA4150P

CVE-2018-12886

Opam packages affected (20)

Products affected (1)

References (4)