CVE-2008-1685

CWE-119Buffer OverflowCWE-1896 documents6 sources
Severity
6.8MEDIUM
EPSS
2.0%
top 16.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU GCC
Timeline
PublishedApr 6
Latest updateMay 1

Description

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 989

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDgnu/gcc6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-6pf5-463c-qv74: ** DISPUTED ** gcc 42022-05-01
CVEList
CVE-2008-1685: gcc 42008-04-06

💥Exploits & PoCs

1
Exploit-DB
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities2014-04-28

📋Vendor Advisories

1
Red Hat
gcc: gcc-4.2 may optimize out certain length checks2008-03-30

💬Community

1
Bugzilla
CVE-2008-1685 gcc: gcc-4.2 may optimize out certain length checks2008-04-08
CVE-2008-1685 (MEDIUM CVSS 6.8) | gcc 4.2.0 through 4.3.0 in GNU Comp | cvebase.io