gccgcc-core-4.5.3: 1 vulnerabilities (highest severity is: 7.8) - autoclosed

[mend-for-github-com[bot]]

Vulnerable Library - gccgcc-core-4.5.3

Gnu Distributions

Library home page: https://ftp.gnu.org/gnu/gcc?wsslib=gcc

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (1)

/release/src-rt-6.x.4708/toolchains/hndtools-arm-linux-2.6.36-uclibc-4.5.3/lib/gcc/arm-brcm-linux-uclibcgnueabi/4.5.3/plugin/include/cp/cp-tree.h

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (gccgcc-core version)	Remediation Available
CVE-2002-2439	High	7.8	gccgcc-core-4.5.3	Direct	gcc-4.8.0	❌

Details

CVE-2002-2439

### Vulnerable Library - gccgcc-core-4.5.3

Gnu Distributions

Library home page: https://ftp.gnu.org/gnu/gcc?wsslib=gcc

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

/release/src-rt-6.x.4708/toolchains/hndtools-arm-linux-2.6.36-uclibc-4.5.3/lib/gcc/arm-brcm-linux-uclibcgnueabi/4.5.3/plugin/include/cp/cp-tree.h

### Vulnerability Details

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

Publish Date: 2019-10-23

URL: CVE-2002-2439

### CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439

Release Date: 2019-10-23

Fix Resolution: gcc-4.8.0

[mend-for-github-com[bot]]

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #51

[mend-for-github-com[bot]]

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #51