CVE-2023-4039

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64	Exploit Patch Third Party Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:arm64:*

History

19 Feb 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-13 09:15

Updated : 2024-08-02 08:15

NVD link : CVE-2023-4039

Mitre link : CVE-2023-4039

CVE.ORG link : CVE-2023-4039

JSON object : View

Products Affected

gnu

gcc

CWE

NVD-CWE-Other CWE-693

Protection Mechanism Failure

{"id": "CVE-2023-4039", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "arm-security@arm.com"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "arm-security@arm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2023-09-13T09:15:15.690", "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "arm-security@arm.com"}, {"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "arm-security@arm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "arm-security@arm.com", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n"}, {"lang": "es", "value": "Una falla en la funci\u00f3n -fstack-protector en cadenas de herramientas basadas en GCC que apuntan a AArch64 permite a un atacante explotar un Desbordamiento de B\u00fafer existente en variables locales de tama\u00f1o din\u00e1mico en su aplicaci\u00f3n sin que esto sea detectado. Esta falla del protector de pila solo se aplica a variables locales de tama\u00f1o din\u00e1mico estilo C99 o aquellas creadas usando alloca(). El protector de pila funciona seg\u00fan lo previsto para variables locales de tama\u00f1o est\u00e1tico. El comportamiento predeterminado cuando el protector de pila detecta un desbordamiento es finalizar su aplicaci\u00f3n, lo que resulta en una p\u00e9rdida controlada de disponibilidad. Un atacante que pueda aprovechar un Desbordamiento del B\u00fafer sin activar el protector de pila podr\u00eda cambiar el control de flujo del programa para provocar una p\u00e9rdida incontrolada de disponibilidad o ir m\u00e1s all\u00e1 y afectar la confidencialidad o la integridad."}], "lastModified": "2024-08-02T08:15:14.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:arm64:*", "vulnerable": true, "matchCriteriaId": "C8373A25-594D-4F3F-981B-0D02056992FC", "versionEndExcluding": "2023-09-12"}], "operator": "OR"}]}], "sourceIdentifier": "arm-security@arm.com"}