5 results (0.019 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-1010180 – gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution

https://notcve.org/view.php?id=CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html http://www.securityfocus.com/bid/109367 https://security.gentoo.org/glsa/202003-31 https://sourceware.org/bugzilla/show_bug.cgi?id=23657 https://access.redhat.com/security/cve/CVE-2019-1010180 https& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9778

https://notcve.org/view.php?id=CVE-2017-9778

GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. GNU Debugger (GDB) en versiones 8.0 y anteriores no detecta un campo de longitud negativa en una sección DWARF. Una sección mal formada en un binario ELF o un archivo core puede hacer que GDB asigne memoria repetidamente hasta que se alcance el límite de un proceso. • http://www.securityfocus.com/bid/99244 https://sourceware.org/bugzilla/show_bug.cgi?id=21600 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.9EPSS: 0%CPEs: 29EXPL: 0

CVE-2011-4355 – gdb: object file .debug_gdb_scripts section improper input validation

https://notcve.org/view.php?id=CVE-2011-4355

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. GNU Project Debugger (GDB) anterior a v7.5, cuando se define .debug_gdb_scripts, carga automáticamente ciertos archivos en el directorio de trabajo actual, permitiendo a usuarios locales obtener privilegios a través de ficheros elaborados, tales como scripts en Python. • http://rhn.redhat.com/errata/RHSA-2013-0522.html http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html http://www.securitytracker.com/id/1028191 https://access.redhat.com/security/cve/CVE-2011-4355 https://bugzilla.redhat.com/show_bug.cgi?id=703238 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-1705

https://notcve.org/view.php?id=CVE-2005-1705

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. • http://bugs.gentoo.org/show_bug.cgi?id=88398 http://secunia.com/advisories/17072 http://secunia.com/advisories/17356 http://secunia.com/advisories/18506 http://security.gentoo.org/glsa/glsa-200505-15.xml http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm http://www.mandriva.com/security/advisories?name=MDKSA-2005:095 http://www.redhat.com/support/errata/RHSA-2005-709.html http://www.redhat.com/support/errata/RHSA-2005-801.html https://oval.cisecurity.org/re •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-1704

https://notcve.org/view.php?id=CVE-2005-1704

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://bugs.gentoo.org/show_bug.cgi?id=91398 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060 http://secunia.com/advisories/15527 http://secunia.com/advisories/17001 http://secunia.com/advisories/17072 http://secunia.com/advisories/17135 http://secunia.com/advisories/17257 http://secunia.com/advisories/17356 http://secunia.com/advisories/17718 http://secunia.com/advisories/18506 http • CWE-189: Numeric Errors •