GNU Compiler Collection缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195278 漏洞类型 缓冲区溢出
发布时间 2006-04-20 更新时间 2006-04-20
CVE编号 CVE-2006-1902 CNNVD-ID CNNVD-200604-383
漏洞平台 N/A CVSS评分 2.1
|漏洞来源
https://www.securityfocus.com/bid/83992
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-383
|漏洞详情
当将特定的expr比较合并入对应的offset比较而非EQ_EXPR和NE_EXPR中时,GNUCompilerCollection(gcc)4.1版本的fold-const.c中的fold_binary不能正确地处理指针溢出。这可能使得应用程序产生缓冲区溢出漏洞,导致上下文相关攻击者可以调用应用程序。
|受影响的产品
GNU gcc 4.1
|参考资料

来源:BUGTRAQ
名称:20060417gcc4.1bugmiscompilespointerrangechecks,mayplaceyouatrisk
链接:http://www.securityfocus.com/archive/1/archive/1/431184/100/0/threaded
来源:BUGTRAQ
名称:20060418Re:gcc4.1bugmiscompilespointerrangechecks,mayplaceyouatrisk
链接:http://www.securityfocus.com/archive/1/431319/100/0/threaded
来源:BUGTRAQ
名称:20060418Re:gcc4.1bugmiscompilespointerrangechecks,mayplaceyouatrisk
链接:http://www.securityfocus.com/archive/1/431297/100/0/threaded
来源:gcc.gnu.org
名称:http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h
链接:http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h
来源:MLIST
名称:[gcc-bugs]20060417[Bugmiddle-end/27180]New:pointerarithmeticoverflowhandlingbroken
链接:http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html
来源:MLIST
名称:[gcc-bugs]20060417[Bugc/27180]New:pointerarithmeticoverflowhandlingbroken
链接:http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html
来源:gcc