cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-3826,https://securityvulnerability.io/vulnerability/CVE-2021-3826,Heap/Stack Buffer Overflow in libiberty Affects GCC,"A heap/stack buffer overflow vulnerability exists in the dlang_lname function in the libiberty library used by GCC. Exploiting this vulnerability allows attackers to execute a crafted mangled symbol, potentially leading to denial of service conditions such as segmentation faults and application crashes. Proper input validation and sanitization measures are essential to mitigate the risks associated with this vulnerability.",Gnu,Gcc,7.5,HIGH,0.00482999999076128,false,,false,false,false,,,false,false,,2022-09-01T00:00:00.000Z,0
CVE-2022-27943,https://securityvulnerability.io/vulnerability/CVE-2022-27943,Stack Consumption Vulnerability in GNU GCC 11.2,"A vulnerability in the libiberty/rust-demangle.c component of GNU GCC 11.2 allows for potential stack consumption in the demangle_const function. This issue can manifest during the demangling of certain inputs, leading to resource exhaustion that affects the stability of the software environment. Users are advised to review the provided advisories and implement necessary updates to mitigate any risks associated with this vulnerability.",Gnu,Gcc,5.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-26T00:00:00.000Z,0
CVE-2021-46195,https://securityvulnerability.io/vulnerability/CVE-2021-46195,Denial of Service Vulnerability in GCC by GNU,"GCC v12.0 contains a vulnerability stemming from uncontrolled recursion in the libiberty/rust-demangle.c component. This issue can be exploited by an attacker to overwhelm system resources, potentially resulting in a denial of service by significantly consuming CPU and memory. It's crucial for users to be aware of this vulnerability to mitigate associated risks effectively.",Gnu,Gcc,5.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-01-14T19:16:12.000Z,0
CVE-2021-37322,https://securityvulnerability.io/vulnerability/CVE-2021-37322,Use-After-Free Vulnerability in GCC C++ Compilation Tool by GNU,"The GCC c++filt tool, specifically version 2.26, has been identified to have a use-after-free vulnerability within the cplus-dem.c component. This flaw can potentially enable an attacker to manipulate memory, leading to unauthorized access or arbitrary code execution. Proper mitigation measures are essential to protect systems utilizing affected GCC versions from exploitation risks.",Gnu,"Binutils,Gcc",7.8,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2021-11-18T21:11:21.000Z,0
CVE-2002-2439,https://securityvulnerability.io/vulnerability/CVE-2002-2439,Integer Overflow Vulnerability in GCC Compiler by Red Hat,"The vulnerability arises from an integer overflow in the new[] operator within the GNU Compiler Collection (GCC) prior to version 4.8.0. This flaw can potentially allow attackers to exploit the compiler with unspecified consequences, possibly affecting the integrity and security of the compiled applications. It is crucial for users of affected versions to update their systems to prevent any exploitation of this issue.",Gnu,Gcc,7.8,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2019-10-23T17:47:38.000Z,0
CVE-2019-15847,https://securityvulnerability.io/vulnerability/CVE-2019-15847,Vulnerability in GCC affecting POWER9 backends,"The POWER9 backend in the GNU Compiler Collection (GCC) before version 10 has a vulnerability that enables the compiler to improperly optimize multiple calls of the __builtin_darn intrinsic. This optimization can lead to identical outputs from different calls within a single program execution, compromising the expected randomness of the random number generator. The issue arises from a lack of specification for volatile operations, resulting in predictability and reduced entropy in the generated values.",Gnu,Gcc,7.5,HIGH,0.0036899999249726534,false,,false,false,false,,,false,false,,2019-09-02T23:15:00.000Z,0
CVE-2018-12886,https://securityvulnerability.io/vulnerability/CVE-2018-12886,Stack Overflow Bypass in GNU Compiler Collection for ARM Targets,"The GNU Compiler Collection (GCC) versions 4.1 through 8, when targeting ARM architectures, may generate flawed instruction sequences in specific circumstances. This can result in the spilling of the stack protector guard address, enabling a malicious actor to bypass various stack protection features such as -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit. Consequently, this weakness can lead to potential exploitation through crafted inputs that manipulate the expected operation of the stack canary.",Gnu,Gcc,8.1,HIGH,0.003490000031888485,false,,false,false,false,,,false,false,,2019-05-22T18:42:10.000Z,0
CVE-2017-11671,https://securityvulnerability.io/vulnerability/CVE-2017-11671,,"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.",Gnu,Gcc,4,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2017-07-26T21:00:00.000Z,0
CVE-2015-5276,https://securityvulnerability.io/vulnerability/CVE-2015-5276,,"The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",Gnu,Gcc,,,0.002400000113993883,false,,false,false,false,,,false,false,,2015-11-17T15:00:00.000Z,0
CVE-2008-1685,https://securityvulnerability.io/vulnerability/CVE-2008-1685,,"gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)",Gnu,Gcc,,,0.0018700000364333391,false,,false,false,false,,,false,false,,2008-04-06T23:44:00.000Z,0
CVE-2008-1367,https://securityvulnerability.io/vulnerability/CVE-2008-1367,,"gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.",Gnu,Gcc,,,0.01713000051677227,false,,false,false,false,,,false,false,,2008-03-17T23:00:00.000Z,0
CVE-2006-1902,https://securityvulnerability.io/vulnerability/CVE-2006-1902,,"fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is ""not correctly interpreting an offset to a pointer as a signed value.""",Gnu,Gcc,,,0.0006099999882280827,false,,false,false,false,,,false,false,,2006-04-20T10:00:00.000Z,0
CVE-2000-1219,https://securityvulnerability.io/vulnerability/CVE-2000-1219,,"The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.",Gnu,"Gcc,G\+\+",,,0.002839999971911311,false,,false,false,false,,,false,false,,2000-11-01T05:00:00.000Z,0