Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Tools
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in 8cc compiler
18 June 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2026-50643
Publication date 18 June 2026
Vendor rui314
Product 8cc
Vulnerable versions b480958
Vulnerability type (CWE) Out-of-bounds Read (CWE-125)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in 8cc compiler and participated in coordination of its disclosure.

The vulnerability CVE-2026-50643: 8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line numbers, an attacker can trigger out-of-bounds memory access and a crash.

Maintainer of this project was notified early about this vulnerability, but did not respond with the details of vulnerability or vulnerable version range. Version corresponding to the commit b480958 was tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.

Credits

We thank Michal Majchrowicz and Marcin Wyczechowski (AFINE) for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.