Boosts - New vulnerability exposed on GCC. @Azeria@mastodon.social and Tom Hebb, has...

bluedevil, 8 months ago

New vulnerability exposed on GCC. @Azeria and Tom Hebb, has discovered a brand new 0-day in GCC. On GCC's AArch64 version, stack protection doesn't detect overflows of dynamically-sized local variables. Vulnerability fixed! But there are a lot of binaries in the wild which has this vulnerability.

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf

https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html

#0-day #gcc #vulnerability #stackoverflow #smashthestack

reply

expand (1)

collapse (1)

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ hal_pomeranz

hal_pomeranz 8 months ago