阿里云漏洞库

中危 GCC's-fstack-protector 无法保护 AArch64 上动态大小的局部变量 (CVE-2023-4039)

CVE编号

CVE-2023-4039

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-09-13

漏洞描述

A failure in the -fstack-protector feature in GCC-based toolchains

that target AArch64 allows an attacker to exploit an existing buffer

overflow in dynamically-sized local variables in your application

without this being detected. This stack-protector failure only applies

to C99-style dynamically-sized local variables or those created using

alloca(). The stack-protector operates as intended for statically-sized

local variables.

The default behavior when the stack-protector

detects an overflow is to terminate your application, resulting in

controlled loss of availability. An attacker who can exploit a buffer

overflow without triggering the stack-protector might be able to change

program flow control to cause an uncontrolled loss of availability or to

go further and affect confidentiality or integrity.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20V...
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	gnu	gcc	*		Up to (excluding) 2023-09-12
	运行在以下环境
	系统	alma_linux_8	webkit2gtk3	*		Up to (excluding) 2.40.5-1.el8
	运行在以下环境
	系统	alma_linux_9	webkit2gtk3	*		Up to (excluding) 2.40.5-1.el9
	运行在以下环境
	系统	alpine_3.19	gcc	*		Up to (excluding) 13.2.1_git20231014-r0
	运行在以下环境
	系统	amazon_2	gcc	*		Up to (excluding) 7.3.1-17.amzn2
	运行在以下环境
	系统	amazon_2023	gcc	*		Up to (excluding) 11.4.1-2.amzn2023.0.2
	运行在以下环境
	系统	anolis_os_23	webkitgtk	*		Up to (excluding) 2.40.5-1
	运行在以下环境
	系统	kylinos_aarch64_V10	cpp	*		Up to (excluding) 7.3.0-20220207.45.p02.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	cpp	*		Up to (excluding) 7.3.0-20220207.45.p02.ky10
	运行在以下环境
	系统	opensuse_5.3	+git7813	*		Up to (excluding) 13.2.1
	运行在以下环境
	系统	opensuse_5.4	+git7813	*		Up to (excluding) 13.2.1
	运行在以下环境
	系统	opensuse_Leap_15.4	cpp13	*		Up to (excluding) 13.2.1
	运行在以下环境
	系统	opensuse_Leap_15.5	cpp13	*		Up to (excluding) 13.2.1
	运行在以下环境
	系统	oracle_8	cpp	*		Up to (excluding) 8.5.0-18.0.5.el8
	运行在以下环境
	系统	oracle_9	webkit2gtk3	*		Up to (excluding) 2.40.5-1.el9
	运行在以下环境
	系统	redhat_8	webkit2gtk3	*		Up to (excluding) 2.40.5-1.el8
	运行在以下环境
	系统	redhat_9	webkit2gtk3	*		Up to (excluding) 2.40.5-1.el9
	运行在以下环境
	系统	suse_12_SP5	libitm1	*		Up to (excluding) 12.3.0

攻击路径

本地
攻击复杂度

困难
权限要求

管控权限
影响范围

有限影响
EXP成熟度

未验证
补丁情况

官方补丁
数据保密性

无影响
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
NVD-CWE-Other