Vulnerability Description
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gcc | >= 4.1, <= 8.0 |
Related Weaknesses (CWE)
References
- https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=26637Vendor Advisory
- https://www.gnu.org/software/gcc/gcc-8/changes.htmlExploitVendor Advisory
- https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=26637Vendor Advisory
- https://www.gnu.org/software/gcc/gcc-8/changes.htmlExploitVendor Advisory
FAQ
What is CVE-2018-12886?
CVE-2018-12886 is a vulnerability with a CVSS score of 8.1 (HIGH). stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targetin...
How severe is CVE-2018-12886?
CVE-2018-12886 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-12886?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gcc.