HSEC-2024-0007

See a problem?

Import Source

https://github.com/haskell/security-advisories/blob/generated/osv-export/2024/HSEC-2024-0007.json

JSON Data

https://api.osv.dev/v1/vulns/HSEC-2024-0007

Published

2025-03-20T18:42:29Z

Modified

2025-03-20T18:52:37.609924Z

Summary

Sign extension error in the AArch64 NCG

Details

Sign extension error in the AArch64 NCG

Arithmetic operations may result in incorrect runtime results on the native aarch64 backend. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.

References

https://gitlab.haskell.org/ghc/ghc/-/issues/22282
https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9152
https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9139

Affected packages

GHC / ghc

Package

Name: ghc

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.2.4

Fixed

9.2.5

Introduced

9.4.2

Fixed

9.4.3

Affected versions

9.*

9.2.4

9.4.2