What is the severity of CVE-2008-1685?

CVE-2008-1685 is considered a medium severity vulnerability due to its potential impact on integer overflow protection in GCC.

How do I fix CVE-2008-1685?

To fix CVE-2008-1685, upgrade to a patched version of GCC, specifically 4.3.1 or later.

Which versions of GCC are affected by CVE-2008-1685?

CVE-2008-1685 affects GCC versions 4.2.0 through 4.3.0.

What type of vulnerability is CVE-2008-1685?

CVE-2008-1685 is a type of integer overflow vulnerability caused by improper handling of pointer arithmetic.

Is CVE-2008-1685 a confirmed vulnerability?

CVE-2008-1685 is disputed; however, it has been acknowledged as a potential issue within the affected versions.

Vulnerability/
CVE-2008-1685

medium

6.8

CWE

119 190 189

6/4/2008

7/8/2024

CVE-2008-1685: Buffer Overflow

First published: Sun Apr 06 2008(Updated: )

** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999).

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
GNU Compiler Collection (GCC)	=4.2.4
GNU Compiler Collection (GCC)	=4.2.0
GNU Compiler Collection (GCC)	=4.2.1
GNU Compiler Collection (GCC)	=4.2.3
GNU Compiler Collection (GCC)	=4.3.0
GNU Compiler Collection (GCC)	=4.2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-1685?
CVE-2008-1685 is considered a medium severity vulnerability due to its potential impact on integer overflow protection in GCC.
How do I fix CVE-2008-1685?
To fix CVE-2008-1685, upgrade to a patched version of GCC, specifically 4.3.1 or later.
Which versions of GCC are affected by CVE-2008-1685?
CVE-2008-1685 affects GCC versions 4.2.0 through 4.3.0.
What type of vulnerability is CVE-2008-1685?
CVE-2008-1685 is a type of integer overflow vulnerability caused by improper handling of pointer arithmetic.
Is CVE-2008-1685 a confirmed vulnerability?
CVE-2008-1685 is disputed; however, it has been acknowledged as a potential issue within the affected versions.

agent/author
agent/type
agent/weakness
agent/references
agent/severity
agent/status
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/event
agent/first-publish-date
agent/last-modified-date
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/gnu
canonical/gnu compiler collection (gcc)
version/gnu compiler collection (gcc)/4.2.4
version/gnu compiler collection (gcc)/4.2.0
version/gnu compiler collection (gcc)/4.2.1
version/gnu compiler collection (gcc)/4.2.3
version/gnu compiler collection (gcc)/4.3.0
version/gnu compiler collection (gcc)/4.2.2
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.