Skip to main content

8cc Compiler CVE-2026-50643

| EUVDEUVD-2026-37865 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-18 CERT-PL GHSA-r8v3-j8rv-hmxv
5.1
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local vector; victim must compile the crafted file (UI:R); no privileges needed to supply a source file; read-only impact limits C:L and A:L with no integrity effect.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 18, 2026 - 09:48 vuln.today

DescriptionCVE.org

8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line numbers, an attacker can trigger out-of-bounds memory access and a crash.

Maintainer of this project was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Version corresponding to the commit b480958 was tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.

AnalysisAI

Out-of-bounds read in 8cc, a small C compiler by rui314, allows a local attacker to crash the compiler and potentially disclose compiler process memory by supplying a crafted source file containing malicious #line directives or GNU linemarkers with oversized line numbers. The vulnerability arises because attacker-controlled filename and line number metadata embedded in source files is accepted and used without bounds validation when 8cc accesses internal source line arrays. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft C file with oversized #line directive
Delivery
Deliver file to 8cc build environment
Exploit
Victim or CI system compiles file with 8cc
Execution
Unvalidated line number used as array index
Persist
Out-of-bounds read triggers crash
Impact
Compiler process memory potentially disclosed

Vulnerability AssessmentAI

Exploitation The attacker must supply a crafted C source file containing a malicious #line directive or GNU linemarker with an oversized line number value to a victim who then compiles it using 8cc. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.1 (Medium) reflects a bounded, local-exploitation scenario. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a C source file containing a #line directive with an arbitrarily large line number (e.g., #line 999999999) and delivers it to a developer or automated build system that uses 8cc. When the developer compiles the file, 8cc uses the attacker-supplied line number as an unvalidated array index, reading memory beyond the source line buffer, which causes an immediate compiler crash and may expose adjacent memory contents of the compiler process. …
Remediation No vendor-released patch identified at time of analysis; the maintainer did not respond to CERT-PL's coordinated disclosure notification. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-50643 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy