vulnerability

Huawei EulerOS: CVE-2023-4039: gcc security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Sep 13, 2023	Jan 10, 2024	Feb 20, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Sep 13, 2023

Added

Jan 10, 2024

Modified

Feb 20, 2025

Description

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains
that target AArch64 allows an attacker to exploit an existing buffer
overflow in dynamically-sized local variables in your application
without this being detected. This stack-protector failure only applies
to C99-style dynamically-sized local variables or those created using
alloca(). The stack-protector operates as intended for statically-sized
local variables.

The default behavior when the stack-protector
detects an overflow is to terminate your application, resulting in
controlled loss of availability. An attacker who can exploit a buffer
overflow without triggering the stack-protector might be able to change
program flow control to cause an uncontrolled loss of availability or to
go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Solution(s)

huawei-euleros-2_0_sp10-upgrade-libasanhuawei-euleros-2_0_sp10-upgrade-libatomichuawei-euleros-2_0_sp10-upgrade-libgcchuawei-euleros-2_0_sp10-upgrade-libgfortranhuawei-euleros-2_0_sp10-upgrade-libgomphuawei-euleros-2_0_sp10-upgrade-libobjchuawei-euleros-2_0_sp10-upgrade-libquadmathhuawei-euleros-2_0_sp10-upgrade-libstdc++

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today