CVE-2008-1685

** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnu:gcc:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:45

Type Values Removed Values Added
References () http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763 - () http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763 -
References () http://www.kb.cert.org/vuls/id/162289 - US Government Resource () http://www.kb.cert.org/vuls/id/162289 - US Government Resource
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41686 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41686 -

Information

Published : 2008-04-06 23:44

Updated : 2024-11-21 00:45


NVD link : CVE-2008-1685

Mitre link : CVE-2008-1685

CVE.ORG link : CVE-2008-1685


JSON object : View

Products Affected

gnu

  • gcc
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-189

Numeric Errors