Vulnerability Note VU#307144
mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR
By default, mingw-w64 produces Windows executables without a relocations table, which breaks compatibility with ASLR.
ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.
Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.
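One way to detect the mismatch described above is to compare the "Dynamic base" flag with the relocation information in the PE headers. The following is an added example, not code from CERT/CC or the mingw-w64 project; the names `aslr_status` and `sample_pe32` are hypothetical, and the sample images are constructed header-only byte strings rather than real binaries.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # COFF Characteristics: relocations removed
DYNAMIC_BASE = 0x0040                # DllCharacteristics: "Dynamic base" (ASLR opt-in)
BASERELOC_DIR = 5                    # data directory index of the relocations table

def aslr_status(pe: bytes) -> str:
    """Classify a PE image from its headers: does the ASLR opt-in match reality?"""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    (characteristics,) = struct.unpack_from("<H", pe, coff + 18)
    opt = coff + 20                           # optional header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):           # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    dirs = opt + (96 if magic == 0x10B else 112)   # start of the data directories
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)
    rva = size = 0
    if n_dirs > BASERELOC_DIR:
        rva, size = struct.unpack_from("<II", pe, dirs + 8 * BASERELOC_DIR)
    has_relocs = not (characteristics & IMAGE_FILE_RELOCS_STRIPPED) and rva != 0 and size != 0
    if not dll_chars & DYNAMIC_BASE:
        return "no-aslr-opt-in"
    return "aslr-ok" if has_relocs else "aslr-claimed-but-no-relocations"

def sample_pe32(dynamic_base: bool, relocs: bool) -> bytes:
    """Constructed header-only PE32 image for this demo; not a real binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    flags = 0x0102 | (0 if relocs else IMAGE_FILE_RELOCS_STRIPPED)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, flags)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<H", opt, 70, DYNAMIC_BASE if dynamic_base else 0)
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if relocs:
        struct.pack_into("<II", opt, 96 + 8 * BASERELOC_DIR, 0x3000, 0x100)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for db, rl in [(True, False), (True, True), (False, False)]:
        print(db, rl, aslr_status(sample_pe32(db, rl)))
```

To audit a build output, pass the file's bytes to `aslr_status`; a result of `aslr-claimed-but-no-relocations` corresponds to the condition this note describes.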
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:
Force mingw-w64 to retain the relocations table
mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program's source code:
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Arch Linux | Affected | 26 Jul 2018 | 01 Aug 2018 |
| CentOS | Affected | 26 Jul 2018 | 01 Aug 2018 |
| Debian GNU/Linux | Affected | 26 Jul 2018 | 01 Aug 2018 |
| Fedora Project | Affected | 26 Jul 2018 | 01 Aug 2018 |
| Gentoo Linux | Affected | 26 Jul 2018 | 01 Aug 2018 |
| Red Hat, Inc. | Affected | 26 Jul 2018 | 01 Aug 2018 |
| SUSE Linux | Affected | 26 Jul 2018 | 01 Aug 2018 |
| Ubuntu | Affected | 26 Jul 2018 | 01 Aug 2018 |
| VideoLAN | Affected | 23 Jul 2018 | 01 Aug 2018 |
| Alpine Linux | Unknown | 26 Jul 2018 | 26 Jul 2018 |
| Arista Networks, Inc. | Unknown | 26 Jul 2018 | 26 Jul 2018 |
| ASP Linux | Unknown | 26 Jul 2018 | 26 Jul 2018 |
| CoreOS | Unknown | 26 Jul 2018 | 26 Jul 2018 |
| ENEA | Unknown | 26 Jul 2018 | 26 Jul 2018 |
| Geexbox | Unknown | 26 Jul 2018 | 26 Jul 2018 |
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
- CVE IDs: CVE-2018-5392
- Date Public: 09 Jun 2013
- Date First Published: 03 Aug 2018
- Date Last Updated: 03 Aug 2018
- Document Revision: 9