CVE-2018-12886 -- gcc-8, gcc-7, gcc-6ID: oval:org.secpod.oval:def:2003565 | Date: (C)2020-09-25 (M)2021-11-24 |
Class: VULNERABILITY | Family: unix |
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection 4.1 through 8 generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Platform: |
Debian 10.x |
Debian 9.x |