CVE-2006-1902: Buffer Overflow
First published: Thu Apr 20 2006(Updated: )
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Compiler Collection (GCC) | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356896
- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763
- http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html
- http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01298.html
- http://gcc.gnu.org/viewcvs/branches/gcc-4_1-branch/gcc/fold-const.c?r1=110549&r2=112698&pathrev=112698&diff_format=h
- http://www.securityfocus.com/archive/1/431184/100/0/threaded
- http://www.securityfocus.com/archive/1/431245/100/0/threaded
- http://www.securityfocus.com/archive/1/431297/100/0/threaded
- http://www.securityfocus.com/archive/1/431319/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-1902?
CVE-2006-1902 is considered a moderate severity vulnerability due to the potential for buffer overflow issues.
How do I fix CVE-2006-1902?
To fix CVE-2006-1902, you should upgrade to a more recent version of the GNU Compiler Collection, as version 4.1 is affected.
What types of software are affected by CVE-2006-1902?
CVE-2006-1902 specifically affects version 4.1 of the GNU Compiler Collection (GCC).
What are the consequences of exploiting CVE-2006-1902?
Exploitation of CVE-2006-1902 may lead to buffer overflow vulnerabilities, potentially allowing arbitrary code execution.
When was CVE-2006-1902 reported?
CVE-2006-1902 was reported in 2006, highlighting issues present in the GNU Compiler Collection.
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/gnu
- product/gcc
- canonical/gnu gcc
- canonical/gnu compiler collection (gcc)
- version/gnu compiler collection (gcc)/4.1