CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-1010180 – gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution
https://notcve.org/view.php?id=CVE-2019-1010180
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html http://www.securityfocus.com/bid/109367 https://security.gentoo.org/glsa/202003-31 https://sourceware.org/bugzilla/show_bug.cgi?id=23657 https://access.redhat.com/security/cve/CVE-2019-1010180 https& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9778
https://notcve.org/view.php?id=CVE-2017-9778
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. GNU Debugger (GDB) en versiones 8.0 y anteriores no detecta un campo de longitud negativa en una sección DWARF. Una sección mal formada en un binario ELF o un archivo core puede hacer que GDB asigne memoria repetidamente hasta que se alcance el límite de un proceso. • http://www.securityfocus.com/bid/99244 https://sourceware.org/bugzilla/show_bug.cgi?id=21600 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.9EPSS: 0%CPEs: 29EXPL: 0CVE-2011-4355 – gdb: object file .debug_gdb_scripts section improper input validation
https://notcve.org/view.php?id=CVE-2011-4355
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. GNU Project Debugger (GDB) anterior a v7.5, cuando se define .debug_gdb_scripts, carga automáticamente ciertos archivos en el directorio de trabajo actual, permitiendo a usuarios locales obtener privilegios a través de ficheros elaborados, tales como scripts en Python. • http://rhn.redhat.com/errata/RHSA-2013-0522.html http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html http://www.securitytracker.com/id/1028191 https://access.redhat.com/security/cve/CVE-2011-4355 https://bugzilla.redhat.com/show_bug.cgi?id=703238 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •