Fluid Attacks Database

Description

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gcc-9	=9.3.0-22 \|\| =9.3.0-23 \|\| =9.3.0-24 \|\| =9.3.0-25 \|\| =9.3.0-26 \|\| =9.4.0-1 \|\| =9.4.0-2 \|\| =9.4.0-3 \|\| =9.4.0-4 \|\| =9.4.0-5 \|\| =9.5.0-1 \|\| =9.5.0-2 \|\| =9.5.0-3 \|\| =9.5.0-4 \|\| =9.5.0-5 \|\| =9.5.0-6	-
alpine v3.19	gcc	=10.2.0-r0 \|\| =10.2.0-r1 \|\| =10.2.0-r2 \|\| =10.2.0-r3 \|\| =10.2.0-r4 \|\| =10.2.0-r5 \|\| =10.2.0-r6 \|\| =10.2.0-r7 \|\| =10.2.1_pre0-r0 \|\| =10.2.1_pre0-r1 \|\| =10.2.1_pre0-r2 \|\| =10.2.1_pre0-r3 \|\| =10.2.1_pre1-r0 \|\| =10.2.1_pre1-r1 \|\| =10.2.1_pre1-r2 \|\| =10.2.1_pre1-r3 \|\| =10.2.1_pre1-r4 \|\| =10.2.1_pre2-r0 \|\| =4.3.2-r0 \|\| =4.3.2-r1 \|\| =4.3.2-r2 \|\| =4.3.2-r3 \|\| =4.3.2-r4 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.3-r2 \|\| =4.4.1-r1 \|\| =4.4.1-r10 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.4.3-r1 \|\| =4.4.3-r2 \|\| =4.4.3-r3 \|\| =4.4.4-r0 \|\| =4.4.4-r1 \|\| =4.4.4-r2 \|\| =4.4.4-r3 \|\| =4.4.4-r4 \|\| =4.4.4-r5 \|\| =4.5.1-r5 \|\| =4.5.1-r6 \|\| =4.5.1-r7 \|\| =4.5.1-r8 \|\| =4.5.1-r9 \|\| =4.5.2-r2 \|\| =4.5.2-r3 \|\| =4.5.2-r4 \|\| =4.5.2-r5 \|\| =4.5.2-r6 \|\| =4.5.2-r7 \|\| =4.5.3-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r3 \|\| =4.6.2-r0 \|\| =4.6.2-r1 \|\| =4.6.2-r2 \|\| =4.6.2-r3 \|\| =4.6.2-r4 \|\| =4.6.2-r5 \|\| =4.6.3-r0 \|\| =4.7.1-r0 \|\| =4.7.2-r0 \|\| =4.7.2-r1 \|\| =4.7.2-r2 \|\| =4.7.2-r3 \|\| =4.7.2-r4 \|\| =4.7.3-r0 \|\| =4.7.3-r1 \|\| =4.7.3-r2 \|\| =4.7.3-r3 \|\| =4.7.3-r4 \|\| =4.7.3-r5 \|\| =4.7.3-r6 \|\| =4.7.3-r7 \|\| =4.7.3-r8 \|\| =4.8.1-r0 \|\| =4.8.1-r1 \|\| =4.8.1-r2 \|\| =4.8.1-r4 \|\| =4.8.1-r5 \|\| =4.8.2-r0 \|\| =4.8.2-r1 \|\| =4.8.2-r10 \|\| =4.8.2-r2 \|\| =4.8.2-r3 \|\| =4.8.2-r4 \|\| =4.8.2-r5 \|\| =4.8.2-r6 \|\| =4.8.2-r7 \|\| =4.8.2-r8 \|\| =4.8.2-r9 \|\| =4.8.3-r0 \|\| =4.9.2-r0 \|\| =4.9.2-r1 \|\| =4.9.2-r2 \|\| =4.9.2-r3 \|\| =4.9.2-r4 \|\| =4.9.2-r5 \|\| =4.9.2-r6 \|\| =5.1.0-r0 \|\| =5.2.0-r0 \|\| =5.3.0-r0 \|\| =6.1.0-r0 \|\| =6.1.0-r1 \|\| =6.1.0-r2 \|\| =6.1.0-r3 \|\| =6.1.0-r4 \|\| =6.1.1-r0 \|\| =6.2.0-r0 \|\| =6.2.1-r0 \|\| =6.2.1-r1 \|\| =6.3.0-r1 \|\| =6.3.0-r2 \|\| =6.3.0-r3 \|\| =6.3.0-r4 \|\| =6.4.0-r4 \|\| =6.4.0-r5 \|\| =6.4.0-r6 \|\| =6.4.0-r7 \|\| =6.4.0-r8 \|\| =8.2.0-r0 \|\| =8.2.0-r1 \|\| =8.2.0-r2 \|\| =8.3.0-r0 \|\| =8.3.0-r1 \|\| =9.2.0-r1 \|\| =9.2.0-r2 \|\| =9.2.0-r3 \|\| =9.2.0-r4 \|\| =9.2.0-r5 \|\| =9.2.0-r6 \|\| =9.3.0-r0 \|\| =9.3.0-r1 \|\| =9.3.0-r2 \|\| =9.3.0-r3 \|\| =9.3.0-r4 \|\| >=0 <13.2.1_git20231014-r0	13.2.1_git20231014-r0
alpine v3.20	gcc	=10.2.0-r0 \|\| =10.2.0-r1 \|\| =10.2.0-r2 \|\| =10.2.0-r3 \|\| =10.2.0-r4 \|\| =10.2.0-r5 \|\| =10.2.0-r6 \|\| =10.2.0-r7 \|\| =10.2.1_pre0-r0 \|\| =10.2.1_pre0-r1 \|\| =10.2.1_pre0-r2 \|\| =10.2.1_pre0-r3 \|\| =10.2.1_pre1-r0 \|\| =10.2.1_pre1-r1 \|\| =10.2.1_pre1-r2 \|\| =10.2.1_pre1-r3 \|\| =10.2.1_pre1-r4 \|\| =10.2.1_pre2-r0 \|\| =4.3.2-r0 \|\| =4.3.2-r1 \|\| =4.3.2-r2 \|\| =4.3.2-r3 \|\| =4.3.2-r4 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.3-r2 \|\| =4.4.1-r1 \|\| =4.4.1-r10 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.4.3-r1 \|\| =4.4.3-r2 \|\| =4.4.3-r3 \|\| =4.4.4-r0 \|\| =4.4.4-r1 \|\| =4.4.4-r2 \|\| =4.4.4-r3 \|\| =4.4.4-r4 \|\| =4.4.4-r5 \|\| =4.5.1-r5 \|\| =4.5.1-r6 \|\| =4.5.1-r7 \|\| =4.5.1-r8 \|\| =4.5.1-r9 \|\| =4.5.2-r2 \|\| =4.5.2-r3 \|\| =4.5.2-r4 \|\| =4.5.2-r5 \|\| =4.5.2-r6 \|\| =4.5.2-r7 \|\| =4.5.3-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r3 \|\| =4.6.2-r0 \|\| =4.6.2-r1 \|\| =4.6.2-r2 \|\| =4.6.2-r3 \|\| =4.6.2-r4 \|\| =4.6.2-r5 \|\| =4.6.3-r0 \|\| =4.7.1-r0 \|\| =4.7.2-r0 \|\| =4.7.2-r1 \|\| =4.7.2-r2 \|\| =4.7.2-r3 \|\| =4.7.2-r4 \|\| =4.7.3-r0 \|\| =4.7.3-r1 \|\| =4.7.3-r2 \|\| =4.7.3-r3 \|\| =4.7.3-r4 \|\| =4.7.3-r5 \|\| =4.7.3-r6 \|\| =4.7.3-r7 \|\| =4.7.3-r8 \|\| =4.8.1-r0 \|\| =4.8.1-r1 \|\| =4.8.1-r2 \|\| =4.8.1-r4 \|\| =4.8.1-r5 \|\| =4.8.2-r0 \|\| =4.8.2-r1 \|\| =4.8.2-r10 \|\| =4.8.2-r2 \|\| =4.8.2-r3 \|\| =4.8.2-r4 \|\| =4.8.2-r5 \|\| =4.8.2-r6 \|\| =4.8.2-r7 \|\| =4.8.2-r8 \|\| =4.8.2-r9 \|\| =4.8.3-r0 \|\| =4.9.2-r0 \|\| =4.9.2-r1 \|\| =4.9.2-r2 \|\| =4.9.2-r3 \|\| =4.9.2-r4 \|\| =4.9.2-r5 \|\| =4.9.2-r6 \|\| =5.1.0-r0 \|\| =5.2.0-r0 \|\| =5.3.0-r0 \|\| =6.1.0-r0 \|\| =6.1.0-r1 \|\| =6.1.0-r2 \|\| =6.1.0-r3 \|\| =6.1.0-r4 \|\| =6.1.1-r0 \|\| =6.2.0-r0 \|\| =6.2.1-r0 \|\| =6.2.1-r1 \|\| =6.3.0-r1 \|\| =6.3.0-r2 \|\| =6.3.0-r3 \|\| =6.3.0-r4 \|\| =6.4.0-r4 \|\| =6.4.0-r5 \|\| =6.4.0-r6 \|\| =6.4.0-r7 \|\| =6.4.0-r8 \|\| =8.2.0-r0 \|\| =8.2.0-r1 \|\| =8.2.0-r2 \|\| =8.3.0-r0 \|\| =8.3.0-r1 \|\| =9.2.0-r1 \|\| =9.2.0-r2 \|\| =9.2.0-r3 \|\| =9.2.0-r4 \|\| =9.2.0-r5 \|\| =9.2.0-r6 \|\| =9.3.0-r0 \|\| =9.3.0-r1 \|\| =9.3.0-r2 \|\| =9.3.0-r3 \|\| =9.3.0-r4 \|\| >=0 <13.2.1_git20231014-r0	13.2.1_git20231014-r0
alpine v3.21	gcc	=10.2.0-r0 \|\| =10.2.0-r1 \|\| =10.2.0-r2 \|\| =10.2.0-r3 \|\| =10.2.0-r4 \|\| =10.2.0-r5 \|\| =10.2.0-r6 \|\| =10.2.0-r7 \|\| =10.2.1_pre0-r0 \|\| =10.2.1_pre0-r1 \|\| =10.2.1_pre0-r2 \|\| =10.2.1_pre0-r3 \|\| =10.2.1_pre1-r0 \|\| =10.2.1_pre1-r1 \|\| =10.2.1_pre1-r2 \|\| =10.2.1_pre1-r3 \|\| =10.2.1_pre1-r4 \|\| =10.2.1_pre2-r0 \|\| =14.2.0-r0 \|\| =14.2.0-r1 \|\| =14.2.0-r2 \|\| =14.2.0-r3 \|\| =14.2.0-r4 \|\| =4.3.2-r0 \|\| =4.3.2-r1 \|\| =4.3.2-r2 \|\| =4.3.2-r3 \|\| =4.3.2-r4 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.3-r2 \|\| =4.4.1-r1 \|\| =4.4.1-r10 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.4.3-r1 \|\| =4.4.3-r2 \|\| =4.4.3-r3 \|\| =4.4.4-r0 \|\| =4.4.4-r1 \|\| =4.4.4-r2 \|\| =4.4.4-r3 \|\| =4.4.4-r4 \|\| =4.4.4-r5 \|\| =4.5.1-r5 \|\| =4.5.1-r6 \|\| =4.5.1-r7 \|\| =4.5.1-r8 \|\| =4.5.1-r9 \|\| =4.5.2-r2 \|\| =4.5.2-r3 \|\| =4.5.2-r4 \|\| =4.5.2-r5 \|\| =4.5.2-r6 \|\| =4.5.2-r7 \|\| =4.5.3-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r3 \|\| =4.6.2-r0 \|\| =4.6.2-r1 \|\| =4.6.2-r2 \|\| =4.6.2-r3 \|\| =4.6.2-r4 \|\| =4.6.2-r5 \|\| =4.6.3-r0 \|\| =4.7.1-r0 \|\| =4.7.2-r0 \|\| =4.7.2-r1 \|\| =4.7.2-r2 \|\| =4.7.2-r3 \|\| =4.7.2-r4 \|\| =4.7.3-r0 \|\| =4.7.3-r1 \|\| =4.7.3-r2 \|\| =4.7.3-r3 \|\| =4.7.3-r4 \|\| =4.7.3-r5 \|\| =4.7.3-r6 \|\| =4.7.3-r7 \|\| =4.7.3-r8 \|\| =4.8.1-r0 \|\| =4.8.1-r1 \|\| =4.8.1-r2 \|\| =4.8.1-r4 \|\| =4.8.1-r5 \|\| =4.8.2-r0 \|\| =4.8.2-r1 \|\| =4.8.2-r10 \|\| =4.8.2-r2 \|\| =4.8.2-r3 \|\| =4.8.2-r4 \|\| =4.8.2-r5 \|\| =4.8.2-r6 \|\| =4.8.2-r7 \|\| =4.8.2-r8 \|\| =4.8.2-r9 \|\| =4.8.3-r0 \|\| =4.9.2-r0 \|\| =4.9.2-r1 \|\| =4.9.2-r2 \|\| =4.9.2-r3 \|\| =4.9.2-r4 \|\| =4.9.2-r5 \|\| =4.9.2-r6 \|\| =5.1.0-r0 \|\| =5.2.0-r0 \|\| =5.3.0-r0 \|\| =6.1.0-r0 \|\| =6.1.0-r1 \|\| =6.1.0-r2 \|\| =6.1.0-r3 \|\| =6.1.0-r4 \|\| =6.1.1-r0 \|\| =6.2.0-r0 \|\| =6.2.1-r0 \|\| =6.2.1-r1 \|\| =6.3.0-r1 \|\| =6.3.0-r2 \|\| =6.3.0-r3 \|\| =6.3.0-r4 \|\| =6.4.0-r4 \|\| =6.4.0-r5 \|\| =6.4.0-r6 \|\| =6.4.0-r7 \|\| =6.4.0-r8 \|\| =8.2.0-r0 \|\| =8.2.0-r1 \|\| =8.2.0-r2 \|\| =8.3.0-r0 \|\| =8.3.0-r1 \|\| =9.2.0-r1 \|\| =9.2.0-r2 \|\| =9.2.0-r3 \|\| =9.2.0-r4 \|\| =9.2.0-r5 \|\| =9.2.0-r6 \|\| =9.3.0-r0 \|\| =9.3.0-r1 \|\| =9.3.0-r2 \|\| =9.3.0-r3 \|\| =9.3.0-r4 \|\| >=0 <13.2.1_git20231014-r0	13.2.1_git20231014-r0
alpine v3.22	gcc	=10.2.0-r0 \|\| =10.2.0-r1 \|\| =10.2.0-r2 \|\| =10.2.0-r3 \|\| =10.2.0-r4 \|\| =10.2.0-r5 \|\| =10.2.0-r6 \|\| =10.2.0-r7 \|\| =10.2.1_pre0-r0 \|\| =10.2.1_pre0-r1 \|\| =10.2.1_pre0-r2 \|\| =10.2.1_pre0-r3 \|\| =10.2.1_pre1-r0 \|\| =10.2.1_pre1-r1 \|\| =10.2.1_pre1-r2 \|\| =10.2.1_pre1-r3 \|\| =10.2.1_pre1-r4 \|\| =10.2.1_pre2-r0 \|\| =14.2.0-r0 \|\| =14.2.0-r1 \|\| =14.2.0-r2 \|\| =14.2.0-r3 \|\| =14.2.0-r4 \|\| =14.2.0-r5 \|\| =14.2.0-r6 \|\| =4.3.2-r0 \|\| =4.3.2-r1 \|\| =4.3.2-r2 \|\| =4.3.2-r3 \|\| =4.3.2-r4 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.3-r2 \|\| =4.4.1-r1 \|\| =4.4.1-r10 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.4.3-r1 \|\| =4.4.3-r2 \|\| =4.4.3-r3 \|\| =4.4.4-r0 \|\| =4.4.4-r1 \|\| =4.4.4-r2 \|\| =4.4.4-r3 \|\| =4.4.4-r4 \|\| =4.4.4-r5 \|\| =4.5.1-r5 \|\| =4.5.1-r6 \|\| =4.5.1-r7 \|\| =4.5.1-r8 \|\| =4.5.1-r9 \|\| =4.5.2-r2 \|\| =4.5.2-r3 \|\| =4.5.2-r4 \|\| =4.5.2-r5 \|\| =4.5.2-r6 \|\| =4.5.2-r7 \|\| =4.5.3-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r3 \|\| =4.6.2-r0 \|\| =4.6.2-r1 \|\| =4.6.2-r2 \|\| =4.6.2-r3 \|\| =4.6.2-r4 \|\| =4.6.2-r5 \|\| =4.6.3-r0 \|\| =4.7.1-r0 \|\| =4.7.2-r0 \|\| =4.7.2-r1 \|\| =4.7.2-r2 \|\| =4.7.2-r3 \|\| =4.7.2-r4 \|\| =4.7.3-r0 \|\| =4.7.3-r1 \|\| =4.7.3-r2 \|\| =4.7.3-r3 \|\| =4.7.3-r4 \|\| =4.7.3-r5 \|\| =4.7.3-r6 \|\| =4.7.3-r7 \|\| =4.7.3-r8 \|\| =4.8.1-r0 \|\| =4.8.1-r1 \|\| =4.8.1-r2 \|\| =4.8.1-r4 \|\| =4.8.1-r5 \|\| =4.8.2-r0 \|\| =4.8.2-r1 \|\| =4.8.2-r10 \|\| =4.8.2-r2 \|\| =4.8.2-r3 \|\| =4.8.2-r4 \|\| =4.8.2-r5 \|\| =4.8.2-r6 \|\| =4.8.2-r7 \|\| =4.8.2-r8 \|\| =4.8.2-r9 \|\| =4.8.3-r0 \|\| =4.9.2-r0 \|\| =4.9.2-r1 \|\| =4.9.2-r2 \|\| =4.9.2-r3 \|\| =4.9.2-r4 \|\| =4.9.2-r5 \|\| =4.9.2-r6 \|\| =5.1.0-r0 \|\| =5.2.0-r0 \|\| =5.3.0-r0 \|\| =6.1.0-r0 \|\| =6.1.0-r1 \|\| =6.1.0-r2 \|\| =6.1.0-r3 \|\| =6.1.0-r4 \|\| =6.1.1-r0 \|\| =6.2.0-r0 \|\| =6.2.1-r0 \|\| =6.2.1-r1 \|\| =6.3.0-r1 \|\| =6.3.0-r2 \|\| =6.3.0-r3 \|\| =6.3.0-r4 \|\| =6.4.0-r4 \|\| =6.4.0-r5 \|\| =6.4.0-r6 \|\| =6.4.0-r7 \|\| =6.4.0-r8 \|\| =8.2.0-r0 \|\| =8.2.0-r1 \|\| =8.2.0-r2 \|\| =8.3.0-r0 \|\| =8.3.0-r1 \|\| =9.2.0-r1 \|\| =9.2.0-r2 \|\| =9.2.0-r3 \|\| =9.2.0-r4 \|\| =9.2.0-r5 \|\| =9.2.0-r6 \|\| =9.3.0-r0 \|\| =9.3.0-r1 \|\| =9.3.0-r2 \|\| =9.3.0-r3 \|\| =9.3.0-r4 \|\| >=0 <13.2.1_git20231014-r0	13.2.1_git20231014-r0
debian 11	gcc-10	=10.2.1-16 \|\| =10.2.1-17 \|\| =10.2.1-18 \|\| =10.2.1-19 \|\| =10.2.1-20 \|\| =10.2.1-21 \|\| =10.2.1-23 \|\| =10.2.1-24 \|\| =10.2.1-6 \|\| =10.2.1-6+hurd.1 \|\| =10.3.0-1 \|\| =10.3.0-10 \|\| =10.3.0-11 \|\| =10.3.0-12 \|\| =10.3.0-13 \|\| =10.3.0-14 \|\| =10.3.0-15 \|\| =10.3.0-16 \|\| =10.3.0-2 \|\| =10.3.0-3 \|\| =10.3.0-4 \|\| =10.3.0-5 \|\| =10.3.0-6 \|\| =10.3.0-7 \|\| =10.3.0-8 \|\| =10.3.0-9 \|\| =10.4.0-1 \|\| =10.4.0-2 \|\| =10.4.0-3 \|\| =10.4.0-4 \|\| =10.4.0-5 \|\| =10.4.0-6 \|\| =10.4.0-7 \|\| =10.4.0-8 \|\| =10.4.0-9 \|\| =10.5.0-1 \|\| =10.5.0-2 \|\| =10.5.0-3 \|\| =10.5.0-4	-
debian 12	gcc-11	=11.3.0-12 \|\| =11.3.0-13 \|\| =11.3.0-14 \|\| =11.3.0-15 \|\| =11.4.0-1 \|\| =11.4.0-10 \|\| =11.4.0-2 \|\| =11.4.0-3 \|\| =11.4.0-4 \|\| =11.4.0-5 \|\| =11.4.0-6 \|\| =11.4.0-7 \|\| =11.4.0-8 \|\| =11.4.0-9 \|\| =11.5.0-1 \|\| =11.5.0-10 \|\| =11.5.0-11 \|\| =11.5.0-2 \|\| =11.5.0-3 \|\| =11.5.0-4 \|\| =11.5.0-5 \|\| =11.5.0-6 \|\| =11.5.0-7 \|\| =11.5.0-8 \|\| =11.5.0-9	-
debian 12	gcc-12	=12.2.0-14 \|\| >=0 <12.2.0-14+deb12u1	12.2.0-14+deb12u1
debian 13	gcc-12	>=0 <12.3.0-9	12.3.0-9
debian 14	gcc-12	>=0 <12.3.0-9	12.3.0-9

1-10 of 22

Aliases

1. CVE-2023-40392. NVD-2023-40393. OSV-DEBIAN-2023-40394. OSV-2023-40395. OSV-ALPINE-2023-40396. SECURITY-TRACKER-CVE-2023-40397. SECURITY-CVE-2023-4039

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.