Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2023-4039

Published: Sep 13, 2023 | Modified: Aug 02, 2024
CVSS 3.x
4.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2023-4039
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.

The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Affected Software

Name Vendor Start Version End Version
Gcc Gnu * 2023-09-12 (excluding)
Gcc-10 Ubuntu lunar *
Gcc-10 Ubuntu mantic *
Gcc-10 Ubuntu noble *
Gcc-10 Ubuntu upstream *
Gcc-10-cross Ubuntu lunar *
Gcc-10-cross Ubuntu mantic *
Gcc-10-cross Ubuntu noble *
Gcc-10-cross-mipsen Ubuntu lunar *
Gcc-10-cross-mipsen Ubuntu mantic *
Gcc-10-cross-ports Ubuntu lunar *
Gcc-10-cross-ports Ubuntu mantic *
Gcc-11 Ubuntu devel *
Gcc-11 Ubuntu jammy *
Gcc-11 Ubuntu lunar *
Gcc-11 Ubuntu mantic *
Gcc-11 Ubuntu noble *
Gcc-11 Ubuntu oracular *
Gcc-11 Ubuntu upstream *
Gcc-11-cross Ubuntu devel *
Gcc-11-cross Ubuntu jammy *
Gcc-11-cross Ubuntu lunar *
Gcc-11-cross Ubuntu mantic *
Gcc-11-cross Ubuntu noble *
Gcc-11-cross Ubuntu oracular *
Gcc-11-cross-mipsen Ubuntu lunar *
Gcc-11-cross-mipsen Ubuntu mantic *
Gcc-11-cross-ports Ubuntu lunar *
Gcc-11-cross-ports Ubuntu mantic *
Gcc-12 Ubuntu devel *
Gcc-12 Ubuntu jammy *
Gcc-12 Ubuntu lunar *
Gcc-12 Ubuntu mantic *
Gcc-12 Ubuntu noble *
Gcc-12 Ubuntu oracular *
Gcc-12 Ubuntu upstream *
Gcc-12-cross Ubuntu devel *
Gcc-12-cross Ubuntu jammy *
Gcc-12-cross Ubuntu lunar *
Gcc-12-cross Ubuntu mantic *
Gcc-12-cross Ubuntu noble *
Gcc-12-cross Ubuntu oracular *
Gcc-12-cross-mipsen Ubuntu lunar *
Gcc-12-cross-mipsen Ubuntu mantic *
Gcc-12-cross-ports Ubuntu lunar *
Gcc-12-cross-ports Ubuntu mantic *
Gcc-13 Ubuntu devel *
Gcc-13 Ubuntu lunar *
Gcc-13 Ubuntu mantic *
Gcc-13 Ubuntu noble *
Gcc-13 Ubuntu oracular *
Gcc-13 Ubuntu upstream *
Gcc-13-cross Ubuntu lunar *
Gcc-13-cross Ubuntu mantic *
Gcc-13-cross-ports Ubuntu devel *
Gcc-13-cross-ports Ubuntu lunar *
Gcc-13-cross-ports Ubuntu mantic *
Gcc-13-cross-ports Ubuntu noble *
Gcc-13-cross-ports Ubuntu oracular *
Gcc-4.4 Ubuntu trusty *
Gcc-4.6 Ubuntu trusty *
Gcc-4.7 Ubuntu esm-apps/xenial *
Gcc-4.7 Ubuntu esm-infra-legacy/trusty *
Gcc-4.7 Ubuntu trusty *
Gcc-4.7 Ubuntu trusty/esm *
Gcc-4.7 Ubuntu xenial *
Gcc-4.7-armel-cross Ubuntu trusty *
Gcc-4.7-armel-cross Ubuntu xenial *
Gcc-4.7-armhf-cross Ubuntu trusty *
Gcc-4.7-armhf-cross Ubuntu xenial *
Gcc-4.8 Ubuntu bionic *
Gcc-4.8 Ubuntu esm-apps/xenial *
Gcc-4.8 Ubuntu esm-infra-legacy/trusty *
Gcc-4.8 Ubuntu trusty *
Gcc-4.8 Ubuntu trusty/esm *
Gcc-4.8 Ubuntu xenial *
Gcc-4.8-arm64-cross Ubuntu trusty *
Gcc-4.8-arm64-cross Ubuntu xenial *
Gcc-4.8-armhf-cross Ubuntu trusty *
Gcc-4.8-armhf-cross Ubuntu xenial *
Gcc-4.8-powerpc-cross Ubuntu trusty *
Gcc-4.8-powerpc-cross Ubuntu xenial *
Gcc-4.8-ppc64el-cross Ubuntu trusty *
Gcc-4.8-ppc64el-cross Ubuntu xenial *
Gcc-4.9 Ubuntu esm-apps/xenial *
Gcc-4.9 Ubuntu xenial *
Gcc-4.9-cross Ubuntu bionic *
Gcc-4.9-cross Ubuntu xenial *
Gcc-5 Ubuntu bionic *
Gcc-5 Ubuntu esm-infra/xenial *
Gcc-5 Ubuntu xenial *
Gcc-5-cross Ubuntu bionic *
Gcc-5-cross Ubuntu xenial *
Gcc-5-cross-ports Ubuntu bionic *
Gcc-5-cross-ports Ubuntu xenial *
Gcc-6 Ubuntu bionic *
Gcc-6-cross Ubuntu bionic *
Gcc-6-cross-ports Ubuntu bionic *
Gcc-7 Ubuntu bionic *
Gcc-7-cross Ubuntu bionic *
Gcc-7-cross-ports Ubuntu bionic *
Gcc-8 Ubuntu bionic *
Gcc-8-cross Ubuntu bionic *
Gcc-8-cross-ports Ubuntu bionic *
Gcc-9 Ubuntu lunar *
Gcc-9 Ubuntu mantic *
Gcc-9 Ubuntu noble *
Gcc-9 Ubuntu upstream *
Gcc-9-cross Ubuntu lunar *
Gcc-9-cross Ubuntu mantic *
Gcc-9-cross Ubuntu noble *
Gcc-9-cross-mipsen Ubuntu lunar *
Gcc-9-cross-mipsen Ubuntu mantic *
Gcc-9-cross-ports Ubuntu lunar *
Gcc-9-cross-ports Ubuntu mantic *
Gcc-arm-linux-androideabi Ubuntu trusty *
Gcc-arm-linux-androideabi Ubuntu xenial *
Gcc-arm-none-eabi Ubuntu bionic *
Gcc-arm-none-eabi Ubuntu lunar *
Gcc-arm-none-eabi Ubuntu mantic *
Gcc-arm-none-eabi Ubuntu trusty *
Gcc-arm-none-eabi Ubuntu xenial *
Gcc-avr Ubuntu bionic *
Gcc-avr Ubuntu lunar *
Gcc-avr Ubuntu mantic *
Gcc-avr Ubuntu trusty *
Gcc-avr Ubuntu xenial *
Gcc-defaults Ubuntu bionic *
Gcc-defaults Ubuntu lunar *
Gcc-defaults Ubuntu mantic *
Gcc-defaults Ubuntu trusty *
Gcc-defaults Ubuntu xenial *
Gcc-defaults-arm64-cross Ubuntu trusty *
Gcc-defaults-armel-cross Ubuntu trusty *
Gcc-defaults-armhf-cross Ubuntu trusty *
Gcc-defaults-powerpc-cross Ubuntu trusty *
Gcc-defaults-ppc64el-cross Ubuntu trusty *
Gcc-h8300-hms Ubuntu bionic *
Gcc-h8300-hms Ubuntu lunar *
Gcc-h8300-hms Ubuntu mantic *
Gcc-h8300-hms Ubuntu trusty *
Gcc-h8300-hms Ubuntu xenial *
Gcc-i686-linux-android Ubuntu trusty *
Gcc-i686-linux-android Ubuntu xenial *
Gcc-m68hc1x Ubuntu bionic *
Gcc-m68hc1x Ubuntu trusty *
Gcc-m68hc1x Ubuntu xenial *
Gcc-mingw-w64 Ubuntu bionic *
Gcc-mingw-w64 Ubuntu lunar *
Gcc-mingw-w64 Ubuntu mantic *
Gcc-mingw-w64 Ubuntu trusty *
Gcc-mingw-w64 Ubuntu xenial *
Gcc-msp430 Ubuntu bionic *
Gcc-msp430 Ubuntu lunar *
Gcc-msp430 Ubuntu mantic *
Gcc-msp430 Ubuntu trusty *
Gcc-msp430 Ubuntu xenial *
Gcc-opt Ubuntu bionic *
Gcc-opt Ubuntu lunar *
Gcc-opt Ubuntu mantic *
Gcc-opt Ubuntu trusty *
Gcc-opt Ubuntu xenial *
Gcc-or1k-elf Ubuntu bionic *
Gcc-or1k-elf Ubuntu lunar *
Gcc-or1k-elf Ubuntu mantic *
Gcc-or1k-elf Ubuntu trusty *
Gcc-or1k-elf Ubuntu xenial *
Gcc-riscv64-unknown-elf Ubuntu bionic *
Gcc-riscv64-unknown-elf Ubuntu lunar *
Gcc-riscv64-unknown-elf Ubuntu mantic *
Gcc-riscv64-unknown-elf Ubuntu trusty *
Gcc-riscv64-unknown-elf Ubuntu xenial *
Gcc-snapshot Ubuntu bionic *
Gcc-snapshot Ubuntu lunar *
Gcc-snapshot Ubuntu mantic *
Gcc-snapshot Ubuntu trusty *
Gcc-snapshot Ubuntu xenial *
Gcc-xtensa-lx106 Ubuntu bionic *
Gcc-xtensa-lx106 Ubuntu lunar *
Gcc-xtensa-lx106 Ubuntu mantic *
Gcc-xtensa-lx106 Ubuntu trusty *
Gcc-xtensa-lx106 Ubuntu xenial *
Gccgo-4.9 Ubuntu trusty *
Gccgo-6 Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use