CVE-2008-1685 in gccالمعلومات

الملخص

بحسب MITRE

** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

06/04/2008

إفشاء

06/04/2008

الاعتدال

تمت الموافقة

إدخال

VDB-41853

CPE

جاهز

CWE

CWE-119 (مؤكد)

CVSS

6.8 (NVD)

EPSS

0.01253

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-1685
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1685
CVE Details	https://www.cvedetails.com/cve/CVE-2008-1685/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!