CVE Vulnerabilities

CVE-2015-3027

Published: Apr 10, 2015 | Modified: Dec 03, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program.

Affected Software

Name Vendor Start Version End Version
Xcode Apple * 6.2 (including)
Llvm Ubuntu lucid *
Llvm-toolchain-3.3 Ubuntu precise *
Llvm-toolchain-3.3 Ubuntu trusty *
Llvm-toolchain-3.3 Ubuntu utopic *
Llvm-toolchain-3.4 Ubuntu precise *
Llvm-toolchain-3.4 Ubuntu trusty *
Llvm-toolchain-3.4 Ubuntu utopic *
Llvm-toolchain-3.4 Ubuntu vivid *
Llvm-toolchain-3.4 Ubuntu wily *
Llvm-toolchain-3.5 Ubuntu esm-apps/xenial *
Llvm-toolchain-3.5 Ubuntu utopic *
Llvm-toolchain-3.5 Ubuntu vivid *
Llvm-toolchain-3.5 Ubuntu wily *
Llvm-toolchain-3.5 Ubuntu xenial *
Llvm-toolchain-3.5 Ubuntu yakkety *
Llvm-toolchain-3.6 Ubuntu esm-infra/xenial *
Llvm-toolchain-3.6 Ubuntu trusty *
Llvm-toolchain-3.6 Ubuntu trusty/esm *
Llvm-toolchain-3.6 Ubuntu utopic *
Llvm-toolchain-3.6 Ubuntu vivid *
Llvm-toolchain-3.6 Ubuntu vivid/stable-phone-overlay *
Llvm-toolchain-3.6 Ubuntu wily *
Llvm-toolchain-3.6 Ubuntu xenial *
Llvm-toolchain-3.6 Ubuntu yakkety *
Llvm-toolchain-snapshot Ubuntu trusty *

References