CVE-2023-4039
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-4039
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4039.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-4039
- Related
- Withdrawn
- 2023-09-13T08:05:10Z
- Published
- 2023-09-13T09:15:15Z
- Modified
- 2024-10-25T21:52:39.232615Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.
The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
- References
-
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
- https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
- https://security.alpinelinux.org/vuln/CVE-2023-4039
- https://security-tracker.debian.org/tracker/CVE-2023-4039
Affected packages
Alpine:v3.19 / gcc
Package
- Name
- gcc
- Purl
- pkg:apk/alpine/gcc?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed13.2.1_git20231014-r0
Affected versions
4.*
4.3.2-r0
4.3.2-r1
4.3.2-r2
4.3.2-r3
4.3.2-r4
4.3.3-r0
4.3.3-r1
4.3.3-r2
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.1-r10
4.4.2-r0
4.4.3-r0
4.4.3-r1
4.4.3-r2
4.4.3-r3
4.4.4-r0
4.4.4-r1
4.4.4-r2
4.4.4-r3
4.4.4-r4
4.4.4-r5
4.5.1-r5
4.5.1-r6
4.5.1-r7
4.5.1-r8
4.5.1-r9
4.5.2-r2
4.5.2-r3
4.5.2-r4
4.5.2-r5
4.5.2-r6
4.5.2-r7
4.5.3-r0
4.6.0-r0
4.6.1-r3
4.6.2-r0
4.6.2-r1
4.6.2-r2
4.6.2-r3
4.6.2-r4
4.6.2-r5
4.6.3-r0
4.7.1-r0
4.7.2-r0
4.7.2-r1
4.7.2-r2
4.7.2-r3
4.7.2-r4
4.7.3-r0
4.7.3-r1
4.7.3-r2
4.7.3-r3
4.7.3-r4
4.7.3-r5
4.7.3-r6
4.7.3-r7
4.7.3-r8
4.8.1-r0
4.8.1-r1
4.8.1-r2
4.8.1-r4
4.8.1-r5
4.8.2-r0
4.8.2-r1
4.8.2-r2
4.8.2-r3
4.8.2-r4
4.8.2-r5
4.8.2-r6
4.8.2-r7
4.8.2-r8
4.8.2-r9
4.8.2-r10
4.8.3-r0
4.9.2-r0
4.9.2-r1
4.9.2-r2
4.9.2-r3
4.9.2-r4
4.9.2-r5
4.9.2-r6
5.*
5.1.0-r0
5.2.0-r0
5.3.0-r0
6.*
6.1.0-r0
6.1.0-r1
6.1.0-r2
6.1.0-r3
6.1.0-r4
6.1.1-r0
6.2.0-r0
6.2.1-r0
6.2.1-r1
6.3.0-r1
6.3.0-r2
6.3.0-r3
6.3.0-r4
6.4.0-r4
6.4.0-r5
6.4.0-r6
6.4.0-r7
6.4.0-r8
8.*
8.2.0-r0
8.2.0-r1
8.2.0-r2
8.3.0-r0
8.3.0-r1
9.*
9.2.0-r1
9.2.0-r2
9.2.0-r3
9.2.0-r4
9.2.0-r5
9.2.0-r6
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.0-r3
9.3.0-r4
10.*
10.2.0-r0
10.2.0-r1
10.2.0-r2
10.2.0-r3
10.2.0-r4
10.2.0-r5
10.2.0-r6
10.2.0-r7
10.2.1_pre0-r0
10.2.1_pre0-r1
10.2.1_pre0-r2
10.2.1_pre0-r3
10.2.1_pre1-r0
10.2.1_pre1-r1
10.2.1_pre1-r2
10.2.1_pre1-r3
10.2.1_pre1-r4
10.2.1_pre2-r0
Alpine:v3.20 / gcc
Package
- Name
- gcc
- Purl
- pkg:apk/alpine/gcc?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed13.2.1_git20231014-r0
Affected versions
4.*
4.3.2-r0
4.3.2-r1
4.3.2-r2
4.3.2-r3
4.3.2-r4
4.3.3-r0
4.3.3-r1
4.3.3-r2
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.1-r10
4.4.2-r0
4.4.3-r0
4.4.3-r1
4.4.3-r2
4.4.3-r3
4.4.4-r0
4.4.4-r1
4.4.4-r2
4.4.4-r3
4.4.4-r4
4.4.4-r5
4.5.1-r5
4.5.1-r6
4.5.1-r7
4.5.1-r8
4.5.1-r9
4.5.2-r2
4.5.2-r3
4.5.2-r4
4.5.2-r5
4.5.2-r6
4.5.2-r7
4.5.3-r0
4.6.0-r0
4.6.1-r3
4.6.2-r0
4.6.2-r1
4.6.2-r2
4.6.2-r3
4.6.2-r4
4.6.2-r5
4.6.3-r0
4.7.1-r0
4.7.2-r0
4.7.2-r1
4.7.2-r2
4.7.2-r3
4.7.2-r4
4.7.3-r0
4.7.3-r1
4.7.3-r2
4.7.3-r3
4.7.3-r4
4.7.3-r5
4.7.3-r6
4.7.3-r7
4.7.3-r8
4.8.1-r0
4.8.1-r1
4.8.1-r2
4.8.1-r4
4.8.1-r5
4.8.2-r0
4.8.2-r1
4.8.2-r2
4.8.2-r3
4.8.2-r4
4.8.2-r5
4.8.2-r6
4.8.2-r7
4.8.2-r8
4.8.2-r9
4.8.2-r10
4.8.3-r0
4.9.2-r0
4.9.2-r1
4.9.2-r2
4.9.2-r3
4.9.2-r4
4.9.2-r5
4.9.2-r6
5.*
5.1.0-r0
5.2.0-r0
5.3.0-r0
6.*
6.1.0-r0
6.1.0-r1
6.1.0-r2
6.1.0-r3
6.1.0-r4
6.1.1-r0
6.2.0-r0
6.2.1-r0
6.2.1-r1
6.3.0-r1
6.3.0-r2
6.3.0-r3
6.3.0-r4
6.4.0-r4
6.4.0-r5
6.4.0-r6
6.4.0-r7
6.4.0-r8
8.*
8.2.0-r0
8.2.0-r1
8.2.0-r2
8.3.0-r0
8.3.0-r1
9.*
9.2.0-r1
9.2.0-r2
9.2.0-r3
9.2.0-r4
9.2.0-r5
9.2.0-r6
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.0-r3
9.3.0-r4
10.*
10.2.0-r0
10.2.0-r1
10.2.0-r2
10.2.0-r3
10.2.0-r4
10.2.0-r5
10.2.0-r6
10.2.0-r7
10.2.1_pre0-r0
10.2.1_pre0-r1
10.2.1_pre0-r2
10.2.1_pre0-r3
10.2.1_pre1-r0
10.2.1_pre1-r1
10.2.1_pre1-r2
10.2.1_pre1-r3
10.2.1_pre1-r4
10.2.1_pre2-r0
Debian:11 / gcc-10
Package
- Name
- gcc-10
- Purl
- pkg:deb/debian/gcc-10?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.2.1-6
10.2.1-6+hurd.1
10.2.1-16
10.2.1-17
10.2.1-18
10.2.1-19
10.2.1-20
10.2.1-21
10.2.1-23
10.2.1-24
10.3.0-1
10.3.0-2
10.3.0-3
10.3.0-4
10.3.0-5
10.3.0-6
10.3.0-7
10.3.0-8
10.3.0-9
10.3.0-10
10.3.0-11
10.3.0-12
10.3.0-13
10.3.0-14
10.3.0-15
10.3.0-16
10.4.0-1
10.4.0-2
10.4.0-3
10.4.0-4
10.4.0-5
10.4.0-6
10.4.0-7
10.4.0-8
10.4.0-9
10.5.0-1
10.5.0-2
10.5.0-3
10.5.0-4
Debian:12 / gcc-11
Package
- Name
- gcc-11
- Purl
- pkg:deb/debian/gcc-11?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / gcc-11
Package
- Name
- gcc-11
- Purl
- pkg:deb/debian/gcc-11?arch=source
Debian:12 / gcc-12
Package
- Name
- gcc-12
- Purl
- pkg:deb/debian/gcc-12?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
12.*
12.2.0-14
12.2.0-14+hurd.1
12.2.0-14+loong64
12.2.0-14+loong64.1
12.2.0-15
12.2.0-16
12.2.0-17
12.2.0-18
12.3.0-1
12.3.0-2
12.3.0-3~exp1
12.3.0-3
12.3.0-4
12.3.0-5
12.3.0-6
12.3.0-7
12.3.0-8
12.3.0-9
12.3.0-10
12.3.0-11
12.3.0-12
12.3.0-13
12.3.0-14
12.3.0-15
12.3.0-16
12.3.0-17
12.4.0-1
12.4.0-2
Debian:13 / gcc-12
Package
- Name
- gcc-12
- Purl
- pkg:deb/debian/gcc-12?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.3.0-9
Debian:13 / gcc-13
Package
- Name
- gcc-13
- Purl
- pkg:deb/debian/gcc-13?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed13.2.0-4
Affected versions
Other
13-20221214-1
13-20221226-1
13-20221231-1
13-20230106-1
13-20230114-1
13-20230126-1
13-20230127-1
13-20230210-1
13-20230215-1
13-20230305-1
13-20230320-1
13-20230411-1
13-20230419-1
13.*
13.1.0-1
13.1.0-2
13.1.0-3
13.1.0-4
13.1.0-5
13.1.0-6~exp1
13.1.0-6
13.1.0-7
13.1.0-8
13.1.0-9
13.2.0-1
13.2.0-2
13.2.0-3
Debian:11 / gcc-9
Package
- Name
- gcc-9
- Purl
- pkg:deb/debian/gcc-9?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected