** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763 - | |
References | () http://www.kb.cert.org/vuls/id/162289 - US Government Resource | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41686 - |
Information
Published : 2008-04-06 23:44
Updated : 2024-11-21 00:45
NVD link : CVE-2008-1685
Mitre link : CVE-2008-1685
CVE.ORG link : CVE-2008-1685
JSON object : View
Products Affected
gnu
- gcc