{"id":"ALPINE-CVE-2023-4039","details":"**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.\n\nThe default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.","modified":"2025-12-03T22:54:11.353129Z","published":"2023-09-13T09:15:15.690Z","upstream":["CVE-2023-4039"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2023-4039"}],"affected":[{"package":{"name":"gcc","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/gcc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.2.1_git20231014-r0"}]}],"versions":["10.2.0-r0","10.2.0-r1","10.2.0-r2","10.2.0-r3","10.2.0-r4","10.2.0-r5","10.2.0-r6","10.2.0-r7","10.2.1_pre0-r0","10.2.1_pre0-r1","10.2.1_pre0-r2","10.2.1_pre0-r3","10.2.1_pre1-r0","10.2.1_pre1-r1","10.2.1_pre1-r2","10.2.1_pre1-r3","10.2.1_pre1-r4","10.2.1_pre2-r0","4.3.2-r0","4.3.2-r1","4.3.2-r2","4.3.2-r3","4.3.2-r4","4.3.3-r0","4.3.3-r1","4.3.3-r2","4.4.1-r1","4.4.1-r10","4.4.1-r2","4.4.1-r3","4.4.2-r0","4.4.3-r0","4.4.3-r1","4.4.3-r2","4.4.3-r3","4.4.4-r0","4.4.4-r1","4.4.4-r2","4.4.4-r3","4.4.4-r4","4.4.4-r5","4.5.1-r5","4.5.1-r6","4.5.1-r7","4.5.1-r8","4.5.1-r9","4.5.2-r2","4.5.2-
r3","4.5.2-r4","4.5.2-r5","4.5.2-r6","4.5.2-r7","4.5.3-r0","4.6.0-r0","4.6.1-r3","4.6.2-r0","4.6.2-r1","4.6.2-r2","4.6.2-r3","4.6.2-r4","4.6.2-r5","4.6.3-r0","4.7.1-r0","4.7.2-r0","4.7.2-r1","4.7.2-r2","4.7.2-r3","4.7.2-r4","4.7.3-r0","4.7.3-r1","4.7.3-r2","4.7.3-r3","4.7.3-r4","4.7.3-r5","4.7.3-r6","4.7.3-r7","4.7.3-r8","4.8.1-r0","4.8.1-r1","4.8.1-r2","4.8.1-r4","4.8.1-r5","4.8.2-r0","4.8.2-r1","4.8.2-r10","4.8.2-r2","4.8.2-r3","4.8.2-r4","4.8.2-r5","4.8.2-r6","4.8.2-r7","4.8.2-r8","4.8.2-r9","4.8.3-r0","4.9.2-r0","4.9.2-r1","4.9.2-r2","4.9.2-r3","4.9.2-r4","4.9.2-r5","4.9.2-r6","5.1.0-r0","5.2.0-r0","5.3.0-r0","6.1.0-r0","6.1.0-r1","6.1.0-r2","6.1.0-r3","6.1.0-r4","6.1.1-r0","6.2.0-r0","6.2.1-r0","6.2.1-r1","6.3.0-r1","6.3.0-r2","6.3.0-r3","6.3.0-r4","6.4.0-r4","6.4.0-r5","6.4.0-r6","6.4.0-r7","6.4.0-r8","8.2.0-r0","8.2.0-r1","8.2.0-r2","8.3.0-r0","8.3.0-r1","9.2.0-r1","9.2.0-r2","9.2.0-r3","9.2.0-r4","9.2.0-r5","9.2.0-r6","9.3.0-r0","9.3.0-r1","9.3.0-r2","9.3.0-r3","9.3.0-r4"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-4039.json"}},{"package":{"name":"gcc","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/gcc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.2.1_git20231014-r0"}]}],"versions":["10.2.0-r0","10.2.0-r1","10.2.0-r2","10.2.0-r3","10.2.0-r4","10.2.0-r5","10.2.0-r6","10.2.0-r7","10.2.1_pre0-r0","10.2.1_pre0-r1","10.2.1_pre0-r2","10.2.1_pre0-r3","10.2.1_pre1-r0","10.2.1_pre1-r1","10.2.1_pre1-r2","10.2.1_pre1-r3","10.2.1_pre1-r4","10.2.1_pre2-r0","4.3.2-r0","4.3.2-r1","4.3.2-r2","4.3.2-r3","4.3.2-r4","4.3.3-r0","4.3.3-r1","4.3.3-r2","4.4.1-r1","4.4.1-r10","4.4.1-r2","4.4.1-r3","4.4.2-r0","4.4.3-r0","4.4.3-r1","4.4.3-r2","4.4.3-r3","4.4.4-r0","4.4.4-r1","4.4.4-r2","4.4.4-r3","4.4.4-r4","4.4.4-r5","4.5.1-r5","4.5.1-r6","4.5.1-r7","4.5.1-r8","4.5.1-r9","4.5.2-r2","4.5.2-r3","4.5.2-r4","4.5.2-r5","4.5.2-r6","4.5.2-r7","4.5.3-r0","4.6.0-r0"
,"4.6.1-r3","4.6.2-r0","4.6.2-r1","4.6.2-r2","4.6.2-r3","4.6.2-r4","4.6.2-r5","4.6.3-r0","4.7.1-r0","4.7.2-r0","4.7.2-r1","4.7.2-r2","4.7.2-r3","4.7.2-r4","4.7.3-r0","4.7.3-r1","4.7.3-r2","4.7.3-r3","4.7.3-r4","4.7.3-r5","4.7.3-r6","4.7.3-r7","4.7.3-r8","4.8.1-r0","4.8.1-r1","4.8.1-r2","4.8.1-r4","4.8.1-r5","4.8.2-r0","4.8.2-r1","4.8.2-r10","4.8.2-r2","4.8.2-r3","4.8.2-r4","4.8.2-r5","4.8.2-r6","4.8.2-r7","4.8.2-r8","4.8.2-r9","4.8.3-r0","4.9.2-r0","4.9.2-r1","4.9.2-r2","4.9.2-r3","4.9.2-r4","4.9.2-r5","4.9.2-r6","5.1.0-r0","5.2.0-r0","5.3.0-r0","6.1.0-r0","6.1.0-r1","6.1.0-r2","6.1.0-r3","6.1.0-r4","6.1.1-r0","6.2.0-r0","6.2.1-r0","6.2.1-r1","6.3.0-r1","6.3.0-r2","6.3.0-r3","6.3.0-r4","6.4.0-r4","6.4.0-r5","6.4.0-r6","6.4.0-r7","6.4.0-r8","8.2.0-r0","8.2.0-r1","8.2.0-r2","8.3.0-r0","8.3.0-r1","9.2.0-r1","9.2.0-r2","9.2.0-r3","9.2.0-r4","9.2.0-r5","9.2.0-r6","9.3.0-r0","9.3.0-r1","9.3.0-r2","9.3.0-r3","9.3.0-r4"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-4039.json"}},{"package":{"name":"gcc","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/gcc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.2.1_git20231014-r0"}]}],"versions":["10.2.0-r0","10.2.0-r1","10.2.0-r2","10.2.0-r3","10.2.0-r4","10.2.0-r5","10.2.0-r6","10.2.0-r7","10.2.1_pre0-r0","10.2.1_pre0-r1","10.2.1_pre0-r2","10.2.1_pre0-r3","10.2.1_pre1-r0","10.2.1_pre1-r1","10.2.1_pre1-r2","10.2.1_pre1-r3","10.2.1_pre1-r4","10.2.1_pre2-r0","14.2.0-r0","14.2.0-r1","14.2.0-r2","14.2.0-r3","14.2.0-r4","4.3.2-r0","4.3.2-r1","4.3.2-r2","4.3.2-r3","4.3.2-r4","4.3.3-r0","4.3.3-r1","4.3.3-r2","4.4.1-r1","4.4.1-r10","4.4.1-r2","4.4.1-r3","4.4.2-r0","4.4.3-r0","4.4.3-r1","4.4.3-r2","4.4.3-r3","4.4.4-r0","4.4.4-r1","4.4.4-r2","4.4.4-r3","4.4.4-r4","4.4.4-r5","4.5.1-r5","4.5.1-r6","4.5.1-r7","4.5.1-r8","4.5.1-r9","4.5.2-r2","4.5.2-r3","4.5.2-r4","4.5.2-r5","4.5.2-r6","4.5.2-r7","4.5.3-r0","4.6.0-r0","4.6.1-r
3","4.6.2-r0","4.6.2-r1","4.6.2-r2","4.6.2-r3","4.6.2-r4","4.6.2-r5","4.6.3-r0","4.7.1-r0","4.7.2-r0","4.7.2-r1","4.7.2-r2","4.7.2-r3","4.7.2-r4","4.7.3-r0","4.7.3-r1","4.7.3-r2","4.7.3-r3","4.7.3-r4","4.7.3-r5","4.7.3-r6","4.7.3-r7","4.7.3-r8","4.8.1-r0","4.8.1-r1","4.8.1-r2","4.8.1-r4","4.8.1-r5","4.8.2-r0","4.8.2-r1","4.8.2-r10","4.8.2-r2","4.8.2-r3","4.8.2-r4","4.8.2-r5","4.8.2-r6","4.8.2-r7","4.8.2-r8","4.8.2-r9","4.8.3-r0","4.9.2-r0","4.9.2-r1","4.9.2-r2","4.9.2-r3","4.9.2-r4","4.9.2-r5","4.9.2-r6","5.1.0-r0","5.2.0-r0","5.3.0-r0","6.1.0-r0","6.1.0-r1","6.1.0-r2","6.1.0-r3","6.1.0-r4","6.1.1-r0","6.2.0-r0","6.2.1-r0","6.2.1-r1","6.3.0-r1","6.3.0-r2","6.3.0-r3","6.3.0-r4","6.4.0-r4","6.4.0-r5","6.4.0-r6","6.4.0-r7","6.4.0-r8","8.2.0-r0","8.2.0-r1","8.2.0-r2","8.3.0-r0","8.3.0-r1","9.2.0-r1","9.2.0-r2","9.2.0-r3","9.2.0-r4","9.2.0-r5","9.2.0-r6","9.3.0-r0","9.3.0-r1","9.3.0-r2","9.3.0-r3","9.3.0-r4"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-4039.json"}},{"package":{"name":"gcc","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/gcc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.2.1_git20231014-r0"}]}],"versions":["10.2.0-r0","10.2.0-r1","10.2.0-r2","10.2.0-r3","10.2.0-r4","10.2.0-r5","10.2.0-r6","10.2.0-r7","10.2.1_pre0-r0","10.2.1_pre0-r1","10.2.1_pre0-r2","10.2.1_pre0-r3","10.2.1_pre1-r0","10.2.1_pre1-r1","10.2.1_pre1-r2","10.2.1_pre1-r3","10.2.1_pre1-r4","10.2.1_pre2-r0","14.2.0-r0","14.2.0-r1","14.2.0-r2","14.2.0-r3","14.2.0-r4","14.2.0-r5","14.2.0-r6","4.3.2-r0","4.3.2-r1","4.3.2-r2","4.3.2-r3","4.3.2-r4","4.3.3-r0","4.3.3-r1","4.3.3-r2","4.4.1-r1","4.4.1-r10","4.4.1-r2","4.4.1-r3","4.4.2-r0","4.4.3-r0","4.4.3-r1","4.4.3-r2","4.4.3-r3","4.4.4-r0","4.4.4-r1","4.4.4-r2","4.4.4-r3","4.4.4-r4","4.4.4-r5","4.5.1-r5","4.5.1-r6","4.5.1-r7","4.5.1-r8","4.5.1-r9","4.5.2-r2","4.5.2-r3","4.5.2-r4","4.5.2-r5","4.5.2-r6","4.5.2-r7","4.5.3-r0","4.6
.0-r0","4.6.1-r3","4.6.2-r0","4.6.2-r1","4.6.2-r2","4.6.2-r3","4.6.2-r4","4.6.2-r5","4.6.3-r0","4.7.1-r0","4.7.2-r0","4.7.2-r1","4.7.2-r2","4.7.2-r3","4.7.2-r4","4.7.3-r0","4.7.3-r1","4.7.3-r2","4.7.3-r3","4.7.3-r4","4.7.3-r5","4.7.3-r6","4.7.3-r7","4.7.3-r8","4.8.1-r0","4.8.1-r1","4.8.1-r2","4.8.1-r4","4.8.1-r5","4.8.2-r0","4.8.2-r1","4.8.2-r10","4.8.2-r2","4.8.2-r3","4.8.2-r4","4.8.2-r5","4.8.2-r6","4.8.2-r7","4.8.2-r8","4.8.2-r9","4.8.3-r0","4.9.2-r0","4.9.2-r1","4.9.2-r2","4.9.2-r3","4.9.2-r4","4.9.2-r5","4.9.2-r6","5.1.0-r0","5.2.0-r0","5.3.0-r0","6.1.0-r0","6.1.0-r1","6.1.0-r2","6.1.0-r3","6.1.0-r4","6.1.1-r0","6.2.0-r0","6.2.1-r0","6.2.1-r1","6.3.0-r1","6.3.0-r2","6.3.0-r3","6.3.0-r4","6.4.0-r4","6.4.0-r5","6.4.0-r6","6.4.0-r7","6.4.0-r8","8.2.0-r0","8.2.0-r1","8.2.0-r2","8.3.0-r0","8.3.0-r1","9.2.0-r1","9.2.0-r2","9.2.0-r3","9.2.0-r4","9.2.0-r5","9.2.0-r6","9.3.0-r0","9.3.0-r1","9.3.0-r2","9.3.0-r3","9.3.0-r4"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-4039.json"}},{"package":{"name":"gcc","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/gcc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.2.1_git20231014-r0"}]}],"versions":["10.2.0-r0","10.2.0-r1","10.2.0-r2","10.2.0-r3","10.2.0-r4","10.2.0-r5","10.2.0-r6","10.2.0-r7","10.2.1_pre0-r0","10.2.1_pre0-r1","10.2.1_pre0-r2","10.2.1_pre0-r3","10.2.1_pre1-r0","10.2.1_pre1-r1","10.2.1_pre1-r2","10.2.1_pre1-r3","10.2.1_pre1-r4","10.2.1_pre2-r0","14.2.0-r0","14.2.0-r1","14.2.0-r2","14.2.0-r3","14.2.0-r4","14.2.0-r5","14.2.0-r6","14.3.0-r0","14.3.0-r1","14.3.0-r2","14.3.0-r3","14.3.0-r4","14.3.0-r5","14.3.0-r6","15.2.0-r0","15.2.0-r1","15.2.0-r2","4.3.2-r0","4.3.2-r1","4.3.2-r2","4.3.2-r3","4.3.2-r4","4.3.3-r0","4.3.3-r1","4.3.3-r2","4.4.1-r1","4.4.1-r10","4.4.1-r2","4.4.1-r3","4.4.2-r0","4.4.3-r0","4.4.3-r1","4.4.3-r2","4.4.3-r3","4.4.4-r0","4.4.4-r1","4.4.4-r2","4.4.4-r3","4.4.4-r4","4.4.4-r5","
4.5.1-r5","4.5.1-r6","4.5.1-r7","4.5.1-r8","4.5.1-r9","4.5.2-r2","4.5.2-r3","4.5.2-r4","4.5.2-r5","4.5.2-r6","4.5.2-r7","4.5.3-r0","4.6.0-r0","4.6.1-r3","4.6.2-r0","4.6.2-r1","4.6.2-r2","4.6.2-r3","4.6.2-r4","4.6.2-r5","4.6.3-r0","4.7.1-r0","4.7.2-r0","4.7.2-r1","4.7.2-r2","4.7.2-r3","4.7.2-r4","4.7.3-r0","4.7.3-r1","4.7.3-r2","4.7.3-r3","4.7.3-r4","4.7.3-r5","4.7.3-r6","4.7.3-r7","4.7.3-r8","4.8.1-r0","4.8.1-r1","4.8.1-r2","4.8.1-r4","4.8.1-r5","4.8.2-r0","4.8.2-r1","4.8.2-r10","4.8.2-r2","4.8.2-r3","4.8.2-r4","4.8.2-r5","4.8.2-r6","4.8.2-r7","4.8.2-r8","4.8.2-r9","4.8.3-r0","4.9.2-r0","4.9.2-r1","4.9.2-r2","4.9.2-r3","4.9.2-r4","4.9.2-r5","4.9.2-r6","5.1.0-r0","5.2.0-r0","5.3.0-r0","6.1.0-r0","6.1.0-r1","6.1.0-r2","6.1.0-r3","6.1.0-r4","6.1.1-r0","6.2.0-r0","6.2.1-r0","6.2.1-r1","6.3.0-r1","6.3.0-r2","6.3.0-r3","6.3.0-r4","6.4.0-r4","6.4.0-r5","6.4.0-r6","6.4.0-r7","6.4.0-r8","8.2.0-r0","8.2.0-r1","8.2.0-r2","8.3.0-r0","8.3.0-r1","9.2.0-r1","9.2.0-r2","9.2.0-r3","9.2.0-r4","9.2.0-r5","9.2.0-r6","9.3.0-r0","9.3.0-r1","9.3.0-r2","9.3.0-r3","9.3.0-r4"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-4039.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}