{"id":34585,"date":"2020-04-23T10:06:12","date_gmt":"2020-04-23T10:06:12","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/"},"modified":"2020-04-23T10:06:12","modified_gmt":"2020-04-23T10:06:12","slug":"gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/","title":{"rendered":"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2020\/04\/23\/shutterstock_bug.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win \u2013 it snared an exploitable flaw in OpenSSL.<\/p>\n<p>Bernd Edlinger discovered <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.openssl.org\/news\/secadv\/20200421.txt\">CVE-2020-1967<\/a>, a denial-of-service flaw deemed to be a high severity risk by the OpenSSL team. It is possible to crash a server or application that uses a vulnerable build of OpenSSL by sending specially crafted messages while setting up a TLS 1.3 connection.<\/p>\n<p>This means it&#8217;s possible to disrupt or knock offline HTTPS websites that use a vulnerable version of the crypto library, by sending a prod-of-death. It can also be used by rogue servers to crash web browsers and other apps connecting in.<\/p>\n<p>OpenSSL is a software library widely used to provide encrypted connections across networks and the internet. Here&#8217;s the technical description from the OpenSSL maintainers of the flaw:<\/p>\n<p>The programming blunder is fixed in the OpenSSL 1.1.1.g release: versions 1.1.1d, 1.1.1e, and 1.1.1f are affected. Users with buggy versions installed are advised to upgrade as soon as possible. Developers shipping the library should update their packages and push them to users to install. Matt Caswell and Benjamin Kaduk are credited for performing further analysis of the bug prior to its disclosure this week.<\/p>\n<p>While the flaw is an irritation \u2013 it&#8217;s not remote-code execution but it can potentially hose servers and apps \u2013 programmers may be more interested in how it was uncovered. Edlinger credits the discovery of the bug to GCC 10&#8217;s brand new <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/gcc.gnu.org\/wiki\/DavidMalcolm\/StaticAnalyzer\">static analysis feature<\/a>. Edlinger ran that tool over the OpenSSL source, and the flaw was revealed in diagnostic output.<\/p>\n<p>The static analysis feature was introduced as a way to check C code for common exploitable programming gaffes during build time, before any binaries are shipped to users. It can catch things like double <code>free()<\/code> calls, use-after-<code>free()<\/code> calls, memory leaks, and so on. C++ support is said to be in the works.<\/p>\n<p>Last month, Red Hat toolchain developer David Malcolm, who worked on the feature, said the aim was to help developers iron out potentially exploitable vulnerabilities in their code prior to release.<\/p>\n<p>&#8220;My thinking here is that it\u2019s best to catch problems as early as possible as the code is written, using the compiler the code is written in as part of the compile-edit-debug cycle, rather than having static analysis as an extra tool &#8216;on the side&#8217; (perhaps proprietary),&#8221; he <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/developers.redhat.com\/blog\/2020\/03\/26\/static-analysis-in-gcc-10\/\">explained<\/a> in a technical memo that details the analyzer&#8217;s features.<\/p>\n<p>&#8220;Hence, it seems worthwhile to have a static analyzer built into the compiler that can see exactly the same code as the compiler sees \u2014 because it <em>is<\/em> the compiler.&#8221;<\/p>\n<p>That the analyzer tool, accessed through the <code>-fanalyzer<\/code> command-line option, has already been shown to be capable of catching serious errors in deployed code will be a nice vote of confidence in the feature.<\/p>\n<p>&#8220;My hope is that the analyzer provides a decent amount of extra checking while not being too expensive,&#8221; Malcolm said earlier. &#8220;I\u2019ve aimed for -fanalyzer to &#8216;merely&#8217; double the compile time as a reasonable trade-off for the extra checks.&#8221;<\/p>\n<p>For what it&#8217;s worth, other toolchains, <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/clang.llvm.org\/docs\/ClangStaticAnalyzer.html\">such as Clang-LLVM<\/a>, feature static analysis, though it&#8217;s good to see it built into GCC, which is used to compile a huge number of things, not least the Linux kernel. That means hopefully a good number of security bugs out there will be discovered and squashed as more programmers migrate to GCC 10 and take the analyzer out for a spin (preferably ahead of miscreants using the feature to develop exploit code for nefarious purposes.)<\/p>\n<p>The analyzer is available from the master branch of the GCC 10 <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/gcc.gnu.org\/\">source code<\/a>. It&#8217;s hoped the feature will be finalized in time for version 10&#8217;s official release, due this month or next. The current latest version is 9.3. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1916\/-8373\/practical-tips-for-office-365-tenant-to-tenant-migration?td=wptl1916\">Practical tips for Office 365 tenant-to-tenant migration<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2020\/04\/23\/gcc_openssl_vulnerability\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Static analyzer proves its worth with discovery of null-pointer error A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win \u2013 it snared an exploitable flaw in OpenSSL.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34586,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-34585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-23T10:06:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"750\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps\",\"datePublished\":\"2020-04-23T10:06:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/\"},\"wordCount\":669,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/\",\"name\":\"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg\",\"datePublished\":\"2020-04-23T10:06:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg\",\"width\":1000,\"height\":750},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/","og_locale":"en_US","og_type":"article","og_title":"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-23T10:06:12+00:00","og_image":[{"width":1000,"height":750,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps","datePublished":"2020-04-23T10:06:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/"},"wordCount":669,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/","url":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/","name":"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg","datePublished":"2020-04-23T10:06:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps.jpg","width":1000,"height":750},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/gcc-10-gets-security-bug-trap-and-look-what-just-fell-into-it-openssl-and-a-prod-of-death-flaw-in-servers-and-apps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34585"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34586"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}