CVE-2008-1367
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 17 Mar 2008, 23:00
Last modified:07 Aug 2024, 08:17
Vulnerability Summary
Overall Risk (default)
medium
41/100 CVSS Score
7.5 HIGH
v2.0 (nvd)
EPSS Score
4.36% LOW
4% probability +0.90%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
17 Mar 2008, 23:00
Published
Vulnerability first disclosed
07 Aug 2024, 08:17
Last Modified
Vulnerability information updated
Description
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVSS Metrics
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 4.36%• Percentile: 89%
Techniques & Countermeasures
- CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Affected Systems
- gnu•gcc
4.3
References (28)
- http://secunia.com/advisories/30962
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
- http://lkml.org/lkml/2008/3/5/207
- http://secunia.com/advisories/30850
- http://secunia.com/advisories/30116
- http://www.redhat.com/support/errata/RHSA-2008-0233.html
- http://secunia.com/advisories/30110
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
- http://www.vupen.com/english/advisories/2008/2222/references
- http://marc.info/?l=git-commits-head&m=120492000901739&w=2
- http://www.securityfocus.com/bid/29084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41340
- https://bugzilla.redhat.com/show_bug.cgi?id=437312
- http://lwn.net/Articles/272048/#Comments
- http://www.redhat.com/support/errata/RHSA-2008-0211.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108
- http://secunia.com/advisories/30890
- http://rhn.redhat.com/errata/RHSA-2008-0508.html
- http://lists.vmware.com/pipermail/security-announce/2008/000023.html
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51
- http://secunia.com/advisories/31246
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html
- http://secunia.com/advisories/30818
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html