SUSE SLED15 / SLES15 Security Update : gcc7 (SUSE-SU-2023:3686-1)

medium Nessus Plugin ID 181658



The remote SUSE host is missing a security update.


The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3686-1 advisory.

- A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 181658

File Name: suse_SU-2023-3686-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/20/2023

Updated: 9/21/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information


Risk Factor: Medium

Score: 4.0


Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2023-4039


Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libubsan0-32bit, p-cpe:/a:novell:suse_linux:gcc7, p-cpe:/a:novell:suse_linux:libasan4, p-cpe:/a:novell:suse_linux:libada7, p-cpe:/a:novell:suse_linux:libcilkrts5, p-cpe:/a:novell:suse_linux:gcc7-locale, p-cpe:/a:novell:suse_linux:gcc7-ada, p-cpe:/a:novell:suse_linux:gcc7-c%2b%2b-32bit, p-cpe:/a:novell:suse_linux:libgfortran4-32bit, p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-devel-gcc7-32bit, p-cpe:/a:novell:suse_linux:gcc7-32bit, p-cpe:/a:novell:suse_linux:libasan4-32bit, p-cpe:/a:novell:suse_linux:gcc7-fortran-32bit, p-cpe:/a:novell:suse_linux:gcc7-info, p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-devel-gcc7, p-cpe:/a:novell:suse_linux:libgfortran4, p-cpe:/a:novell:suse_linux:gcc7-c%2b%2b, p-cpe:/a:novell:suse_linux:libcilkrts5-32bit, p-cpe:/a:novell:suse_linux:gcc7-objc, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:cross-nvptx-gcc7, p-cpe:/a:novell:suse_linux:gcc7-fortran, p-cpe:/a:novell:suse_linux:libubsan0, p-cpe:/a:novell:suse_linux:cpp7, p-cpe:/a:novell:suse_linux:cross-nvptx-newlib7-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/19/2023

Vulnerability Publication Date: 9/8/2023

Reference Information

CVE: CVE-2023-4039

SuSE: SUSE-SU-2023:3686-1