Published: 07/06/2017 Updated: 15/06/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu libssp -

Debian Bug report logs - #848704 CVE-2016-4973 Package: src:gcc-mingw-w64; Maintainer for src:gcc-mingw-w64 is Stephen Kitt <skitt@debianorg>; Reported by: Moritz Mühlenhoff <jmm@debianorg> Date: Mon, 19 Dec 2016 17:51:01 UTC Severity: important Tags: security Done: Stephen Kitt <skitt@debianorg> Bug is ...

It was found that targets using gcc's libssp library for Stack Smashing Protection (among others: Cygwin, MinGW, newlib, RTEMS; but not Glibc, Bionic, NetBSD which provide SSP in libc), are missing the Object Size Checking feature, even when explicitly requested with _FORTIFY_SOURCE Vulnerable binaries compiled against such targets do not benefit ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=1324759 http://www.securityfocus.com/bid/92530 http://www.openwall.com/lists/oss-security/2016/08/17/6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848704 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-4973

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-4973

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect