cve/2023/CVE-2023-4039.md

2024-05-25 21:48:12 +02:00
### [CVE-2023-4039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4039)
![](https://img.shields.io/static/v1?label=Product&message=Arm%20GNU%20Toolchain&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GCC&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20of%20GCC%20that%20target%20AArch64%20when%20option%20-fstack-protector%20is%20used%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%20Protection%20Mechanism%20Failure&color=brighgreen)
### Description
**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.

The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity.

NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
### POC
#### Reference
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
#### Github
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/bollwarm/SecToolSet
- https://github.com/fokypoky/places-list
- https://github.com/m-pasima/CI-CD-Security-image-scan