CVE-2008-1685

GCC 4.2.0-4.3.0 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Title source: llm
STIX 2.1

Description

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41686
Various Sources x_refsource_misc
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/162289

Scores

EPSS 0.0201
EPSS Percentile 83.9%

Details

CWE
CWE-119 CWE-189
Status published
Products (6)
gnu/gcc 4.2.0
gnu/gcc 4.2.1
gnu/gcc 4.2.2
gnu/gcc 4.2.3
gnu/gcc 4.2.4
gnu/gcc 4.3.0
Published Apr 06, 2008
Tracked Since Feb 18, 2026