HSEC-2024-0008

See a problem?

Import Source

https://github.com/haskell/security-advisories/blob/generated/osv-export/2024/HSEC-2024-0008.json

JSON Data

https://api.osv.dev/v1/vulns/HSEC-2024-0008

Published

2025-03-20T18:42:29Z

Modified

2025-03-20T18:52:50.349500Z

Summary

Sign extension error in the PPC64le FFI

Details

Sign extension error in the PPC64le FFI

Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.

References

Affected packages

GHC / ghc

Package

Name: ghc

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.2.1

Fixed

9.6.6

Introduced

9.8.1

Fixed

9.8.3

Introduced

9.10.1

Affected versions

9.*

9.2.1

9.2.2

9.2.3

9.2.4

9.2.5

9.2.6

9.2.7

9.2.8

9.4.1-alpha1

9.4.1-alpha2

9.4.1-alpha3

9.4.1-rc1

9.4.1

9.4.2

9.4.3

9.4.4

9.4.5

9.6.1-alpha2

9.6.1-alpha3

9.6.1-rc1

9.6.1

9.6.2