Executive Summary

Title mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR
NameVU#307144First vendor Publication2018-08-03
VendorVU-CERTLast vendor Modification2018-08-03
Severity (Vendor) N/ARevisionM

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#307144

mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Original Release date: 03 Aug 2018 | Last revised: 03 Aug 2018


mingw-w64 produces a executable Windows files without a relocations table by default, which breaks compatibility with ASLR.


ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.


Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.


The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:

Force mingw-w64 to retain the relocations table

mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program's source code:

This line will cause the following function to be exported. When generating an executable that exports a function name, mingw-w64 will not strip the relocations table.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Arch LinuxAffected26 Jul 201801 Aug 2018
CentOSAffected26 Jul 201801 Aug 2018
Debian GNU/LinuxAffected26 Jul 201801 Aug 2018
Fedora ProjectAffected26 Jul 201801 Aug 2018
Gentoo LinuxAffected26 Jul 201801 Aug 2018
Red Hat, Inc.Affected26 Jul 201801 Aug 2018
SUSE LinuxAffected26 Jul 201801 Aug 2018
UbuntuAffected26 Jul 201801 Aug 2018
VideoLANAffected23 Jul 201801 Aug 2018
Alpine LinuxUnknown26 Jul 201826 Jul 2018
Arista Networks, Inc.Unknown26 Jul 201826 Jul 2018
ASP LinuxUnknown26 Jul 201826 Jul 2018
CoreOSUnknown26 Jul 201826 Jul 2018
ENEAUnknown26 Jul 201826 Jul 2018
GeexboxUnknown26 Jul 201826 Jul 2018
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)



  • https://sourceforge.net/p/mingw-w64/mailman/message/31034877/
  • https://sourceware.org/bugzilla/show_bug.cgi?id=17321
  • https://sourceware.org/bugzilla/show_bug.cgi?id=19011


This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

  • CVE IDs:CVE-2018-5392
  • Date Public:09 Jun 2013
  • Date First Published:03 Aug 2018
  • Date Last Updated:03 Aug 2018
  • Document Revision:9


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/307144

CPE : Common Platform Enumeration


Alert History

If you want to see full details history, please login or register.
2018-10-12 21:22:11
  • Multiple Updates
2018-08-14 21:22:00
  • Multiple Updates
2018-08-03 17:18:31
  • First insertion