CVE-2015-3027

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program.

Affected Software

Name	Vendor	Start Version	End Version
Xcode	Apple	*	6.2 (including)
Llvm	Ubuntu	lucid	*
Llvm-toolchain-3.3	Ubuntu	precise	*
Llvm-toolchain-3.3	Ubuntu	trusty	*
Llvm-toolchain-3.3	Ubuntu	utopic	*
Llvm-toolchain-3.4	Ubuntu	precise	*
Llvm-toolchain-3.4	Ubuntu	trusty	*
Llvm-toolchain-3.4	Ubuntu	utopic	*
Llvm-toolchain-3.4	Ubuntu	vivid	*
Llvm-toolchain-3.4	Ubuntu	wily	*
Llvm-toolchain-3.5	Ubuntu	esm-apps/xenial	*
Llvm-toolchain-3.5	Ubuntu	utopic	*
Llvm-toolchain-3.5	Ubuntu	vivid	*
Llvm-toolchain-3.5	Ubuntu	wily	*
Llvm-toolchain-3.5	Ubuntu	xenial	*
Llvm-toolchain-3.5	Ubuntu	yakkety	*
Llvm-toolchain-3.6	Ubuntu	esm-infra-legacy/trusty	*
Llvm-toolchain-3.6	Ubuntu	esm-infra/xenial	*
Llvm-toolchain-3.6	Ubuntu	trusty	*
Llvm-toolchain-3.6	Ubuntu	trusty/esm	*
Llvm-toolchain-3.6	Ubuntu	utopic	*
Llvm-toolchain-3.6	Ubuntu	vivid	*
Llvm-toolchain-3.6	Ubuntu	vivid/stable-phone-overlay	*
Llvm-toolchain-3.6	Ubuntu	wily	*
Llvm-toolchain-3.6	Ubuntu	xenial	*
Llvm-toolchain-3.6	Ubuntu	yakkety	*
Llvm-toolchain-snapshot	Ubuntu	trusty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-3027
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References