8Cc
Monthly
Out-of-bounds read in 8cc, a small C compiler by rui314, allows a local attacker to crash the compiler and potentially disclose compiler process memory by supplying a crafted source file containing malicious #line directives or GNU linemarkers with oversized line numbers. The vulnerability arises because attacker-controlled filename and line number metadata embedded in source files is accepted and used without bounds validation when 8cc accesses internal source line arrays. No patch is available at time of analysis; the maintainer did not respond to CERT-PL's coordinated disclosure. No public exploit identified at time of analysis, though CERT-PL confirmed the vulnerability at commit b480958.
Out-of-bounds read in 8cc, a small C compiler by rui314, allows a local attacker to crash the compiler and potentially disclose compiler process memory by supplying a crafted source file containing malicious #line directives or GNU linemarkers with oversized line numbers. The vulnerability arises because attacker-controlled filename and line number metadata embedded in source files is accepted and used without bounds validation when 8cc accesses internal source line arrays. No patch is available at time of analysis; the maintainer did not respond to CERT-PL's coordinated disclosure. No public exploit identified at time of analysis, though CERT-PL confirmed the vulnerability at commit b480958.