Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2018-12886

Published: 22/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Gnu

Vulnerability Summary

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an malicious user to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gcc

Vendor Advisories

Red Hat: CVE-2018-12886
Impact: Moderate Public Date: 2019-05-22 CWE: CWE-119 Bugzilla: 1715823: CVE-2018-12886 gcc: spilling o ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/TimesysGit/vigiles-openwrt

Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.

Timesys Vigiles For OpenWrt This is a collection of tools for image manifest generation used for security monitoring and notification as part of the Timesys Vigiles product offering What is Vigiles? Vigiles is a vulnerability management tool that provides build-time CVE Analysis of OpenWrt target images It does this by collecting metadata about packages to be installed and up

https://github.com/lucky-sideburn/secpod_wrap

A small Python utility for wrapping some CNCF tools.

secpod_wrap Description A small Python utility for wrapping some CNCF tools At moment it wraps Trivy of Aqua Security, store on SQLite CVE of running pods, reports their owners (Jobs, StatefulSets, Deployments,) Usage Store on SQLite a vulnerability detection related to running pods export K8S_TOKEN="" export K8S_URL="1921685899:6443" /se

References

CWE-209https://www.gnu.org/software/gcc/gcc-8/changes.htmlhttps://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markuphttps://nvd.nist.govhttps://github.com/TimesysGit/vigiles-openwrthttps://access.redhat.com/security/cve/cve-2018-12886https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook