CVE-2018-5392

Priority
Description
mingw-w64 version 5.0.4 by default produces executables that opt in to
ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation
technique used by modern Windows platforms. For ASLR to function, Windows
executables must contain a relocations table. Despite containing the
"Dynamic base" PE header, which indicates ASLR compatibility, Windows
executables produced by mingw-w64 have the relocations table stripped from
them by default. This means that executables produced by mingw-w64 are
vulnerable to return-oriented programming (ROP) attacks. Windows
executables generated by mingw-w64 claim to be ASLR compatible, but are
not. Vulnerabilities in such executables are more easily exploitable as a
result.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):needs-triage
More Information

Updated: 2020-01-29 18:55:29 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)