vulnerability

Amazon Linux AMI 2: CVE-2023-4039: Security patch for gcc, gcc10 (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
2023-09-14
Added
2023-09-14
Modified
2025-02-20

Description

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains
that target AArch64 allows an attacker to exploit an existing buffer
overflow in dynamically-sized local variables in your application
without this being detected. This stack-protector failure only applies
to C99-style dynamically-sized local variables or those created using
alloca(). The stack-protector operates as intended for statically-sized
local variables.

The default behavior when the stack-protector
detects an overflow is to terminate your application, resulting in
controlled loss of availability. An attacker who can exploit a buffer
overflow without triggering the stack-protector might be able to change
program flow control to cause an uncontrolled loss of availability or to
go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Solution(s)

amazon-linux-ami-2-upgrade-cppamazon-linux-ami-2-upgrade-cpp10amazon-linux-ami-2-upgrade-gccamazon-linux-ami-2-upgrade-gcc-base-debuginfoamazon-linux-ami-2-upgrade-gcc-camazon-linux-ami-2-upgrade-gcc-debuginfoamazon-linux-ami-2-upgrade-gcc-gdb-pluginamazon-linux-ami-2-upgrade-gcc-gfortranamazon-linux-ami-2-upgrade-gcc-gnatamazon-linux-ami-2-upgrade-gcc-goamazon-linux-ami-2-upgrade-gcc-objcamazon-linux-ami-2-upgrade-gcc-plugin-develamazon-linux-ami-2-upgrade-gcc10amazon-linux-ami-2-upgrade-gcc10-camazon-linux-ami-2-upgrade-gcc10-debuginfoamazon-linux-ami-2-upgrade-gcc10-gdb-pluginamazon-linux-ami-2-upgrade-gcc10-gfortranamazon-linux-ami-2-upgrade-gcc10-plugin-develamazon-linux-ami-2-upgrade-libasan10amazon-linux-ami-2-upgrade-libasan10-develamazon-linux-ami-2-upgrade-libatomicamazon-linux-ami-2-upgrade-libatomic10-develamazon-linux-ami-2-upgrade-libcilkrtsamazon-linux-ami-2-upgrade-libgccamazon-linux-ami-2-upgrade-libgccjitamazon-linux-ami-2-upgrade-libgccjit-develamazon-linux-ami-2-upgrade-libgfortranamazon-linux-ami-2-upgrade-libgfortran10amazon-linux-ami-2-upgrade-libgnatamazon-linux-ami-2-upgrade-libgoamazon-linux-ami-2-upgrade-libgompamazon-linux-ami-2-upgrade-libitmamazon-linux-ami-2-upgrade-libitm10-develamazon-linux-ami-2-upgrade-libmpxamazon-linux-ami-2-upgrade-libobjcamazon-linux-ami-2-upgrade-libquadmathamazon-linux-ami-2-upgrade-libquadmath10-develamazon-linux-ami-2-upgrade-libsanitizeramazon-linux-ami-2-upgrade-libstdcamazon-linux-ami-2-upgrade-libstdc-10-develamazon-linux-ami-2-upgrade-libstdc-10-docsamazon-linux-ami-2-upgrade-libstdc-docs
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.