CVE-2019-1010180 – gdb: buffer overflow while opening an ELF for debugging leads to DoS, information disclosure and code execution
https://notcve.org/view.php?id=CVE-2019-1010180
All versions of GNU gdb are affected by a buffer overflow (out-of-bounds memory access). The impact is denial of service, memory disclosure, and possible code execution. The affected component is the main gdb module. The attack vector is opening an ELF for debugging. Fixed version: not fixed yet. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html http://www.securityfocus.com/bid/109367 https://security.gentoo.org/glsa/202003-31 https://sourceware.org/bugzilla/show_bug.cgi?id=23657 https://access.redhat.com/security/cve/CVE-2019-1010180 https& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2017-9778
https://notcve.org/view.php?id=CVE-2017-9778
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. • http://www.securityfocus.com/bid/99244 https://sourceware.org/bugzilla/show_bug.cgi?id=21600 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2011-4355 – gdb: object file .debug_gdb_scripts section improper input validation
https://notcve.org/view.php?id=CVE-2011-4355
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. • http://rhn.redhat.com/errata/RHSA-2013-0522.html http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html http://www.securitytracker.com/id/1028191 https://access.redhat.com/security/cve/CVE-2011-4355 https://bugzilla.redhat.com/show_bug.cgi?id=703238 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-4146 – GDB buffer overflow
https://notcve.org/view.php?id=CVE-2006-4146
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://docs.info.apple.com/article.html?artnum=304669 http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://secunia.com/advisories/21713 http://secunia.com/advisories/22205 http://secunia.com/advisories/22662 http://secunia.com/advisories/25098 http://secunia.com/advisories/25632 http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-1705
https://notcve.org/view.php?id=CVE-2005-1705
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. • http://bugs.gentoo.org/show_bug.cgi?id=88398 http://secunia.com/advisories/17072 http://secunia.com/advisories/17356 http://secunia.com/advisories/18506 http://security.gentoo.org/glsa/glsa-200505-15.xml http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm http://www.mandriva.com/security/advisories?name=MDKSA-2005:095 http://www.redhat.com/support/errata/RHSA-2005-709.html http://www.redhat.com/support/errata/RHSA-2005-801.html https://oval.cisecurity.org/re •