
CVE-2023-4039

GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64

Published: 9/13/2023 Last updated: 2/13/2025 Reserved: 8/1/2023

**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

CNA assigner: Arm (56a131ea-b967-4a0d-a41e-5f3549952846) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 4.8 | Medium | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |

Opam packages affected (20)

conf-aarch64-linux-gnu-gcc conf-blas conf-c++ conf-g++ conf-gcc conf-gfortran conf-lapack conf-libgccjit conf-mingw-w64-gcc-i686 conf-mingw-w64-gcc-x86_64 conf-mingw-w64-g++-i686 conf-mingw-w64-g++-x86_64 conf-x86_64-linux-gnu-gcc farmhash irrlicht lbfgs libbinaryen re2 solo5-cross-aarch64 taglib

Products affected (2)

| Product | Vendor | Version |
|---|---|---|
| Arm GNU Toolchain | Arm Ltd | <= * |
| GCC | GNU | 8.5.0 to 8.5.30 |
