Vulnerabilites related to gnu - gdb
cve-2019-1010180
Vulnerability from cvelistv5
Published
2019-07-24 12:01
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=23657 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109367 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202003-31 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:07:18.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", }, { name: "109367", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109367", }, { name: "openSUSE-SU-2019:2415", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", }, { name: "openSUSE-SU-2019:2432", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", }, { name: "openSUSE-SU-2019:2493", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", }, { name: "openSUSE-SU-2019:2494", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", }, { name: "GLSA-202003-31", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-31", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gdb", vendor: "GNU", versions: [ { status: "affected", version: "All versions (At least as of date 2018-09-16)", }, ], }, ], descriptions: [ { lang: "en", value: "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.", }, ], problemTypes: [ { descriptions: [ { description: "Buffer Overflow - Out of bound memory access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-15T20:05:59", orgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", shortName: "dwf", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", }, { name: "109367", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109367", }, { name: "openSUSE-SU-2019:2415", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", }, { name: "openSUSE-SU-2019:2432", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", }, { name: "openSUSE-SU-2019:2493", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", }, { name: "openSUSE-SU-2019:2494", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", }, { name: "GLSA-202003-31", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-31", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve-assign@distributedweaknessfiling.org", ID: "CVE-2019-1010180", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gdb", version: { version_data: [ { version_value: "All versions (At least as of date 2018-09-16)", }, ], }, }, ], }, vendor_name: "GNU", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer Overflow - Out of bound memory access", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", }, { name: "109367", refsource: "BID", url: "http://www.securityfocus.com/bid/109367", }, { name: "openSUSE-SU-2019:2415", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", }, { name: "openSUSE-SU-2019:2432", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", }, { name: "openSUSE-SU-2019:2493", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", }, { name: "openSUSE-SU-2019:2494", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", }, { name: "GLSA-202003-31", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-31", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", assignerShortName: "dwf", cveId: "CVE-2019-1010180", datePublished: "2019-07-24T12:01:08", dateReserved: "2019-03-20T00:00:00", dateUpdated: "2024-08-05T03:07:18.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39128
Vulnerability from cvelistv5
Published
2023-07-25 00:00
Modified
2024-10-24 14:12
Severity ?
EPSS score ?
Summary
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:05.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30639", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:gnu:gdb:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gdb", vendor: "gnu", versions: [ { status: "affected", version: "13.0.50.20220805-git", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39128", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T14:06:23.576735Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T14:12:09.968Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30639", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-39128", datePublished: "2023-07-25T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-10-24T14:12:09.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9778
Vulnerability from cvelistv5
Published
2017-06-21 07:00
Modified
2024-08-05 17:18
Severity ?
EPSS score ?
Summary
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=21600 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99244 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:18:02.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=21600", }, { name: "99244", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99244", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-06-21T00:00:00", descriptions: [ { lang: "en", value: "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-26T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=21600", }, { name: "99244", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99244", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=21600", refsource: "CONFIRM", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=21600", }, { name: "99244", refsource: "BID", url: "http://www.securityfocus.com/bid/99244", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9778", datePublished: "2017-06-21T07:00:00", dateReserved: "2017-06-21T00:00:00", dateUpdated: "2024-08-05T17:18:02.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-4146
Vulnerability from cvelistv5
Published
2006-08-31 22:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T18:57:46.146Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html", }, { name: "ADV-2006-4283", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4283", }, { name: "25098", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25098", }, { name: "GLSA-200711-23", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200711-23.xml", }, { name: "25894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25894", }, { name: "RHSA-2007:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0469.html", }, { name: "ADV-2007-3229", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3229", }, { name: "APPLE-SA-2006-10-31", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html", }, { name: "28318", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/28318", }, { name: "1017138", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017138", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", }, { name: "oval:org.mitre.oval:def:10463", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463", }, { name: "RHSA-2007:0229", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0229.html", }, { name: "22662", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22662", }, { name: "25632", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25632", }, { name: "25934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25934", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=304669", }, { name: "ADV-2006-3433", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3433", }, { name: "26909", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26909", }, { name: "27706", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27706", }, { name: "21713", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21713", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", }, { name: "22205", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22205", }, { name: "19802", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/19802", }, { name: "20070602-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { name: "USN-356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-356-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-08-31T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html", }, { name: "ADV-2006-4283", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4283", }, { name: "25098", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25098", }, { name: "GLSA-200711-23", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200711-23.xml", }, { name: "25894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25894", }, { name: "RHSA-2007:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0469.html", }, { name: "ADV-2007-3229", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3229", }, { name: "APPLE-SA-2006-10-31", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html", }, { name: "28318", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/28318", }, { name: "1017138", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017138", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", }, { name: "oval:org.mitre.oval:def:10463", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463", }, { name: "RHSA-2007:0229", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0229.html", }, { name: "22662", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22662", }, { name: "25632", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25632", }, { name: "25934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25934", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=304669", }, { name: "ADV-2006-3433", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3433", }, { name: "26909", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26909", }, { name: "27706", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27706", }, { name: "21713", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21713", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", }, { name: "22205", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22205", }, { name: "19802", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/19802", }, { name: "20070602-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { name: "USN-356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-356-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-4146", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html", }, { name: "ADV-2006-4283", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/4283", }, { name: "25098", refsource: "SECUNIA", url: "http://secunia.com/advisories/25098", }, { name: "GLSA-200711-23", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200711-23.xml", }, { name: "25894", refsource: "SECUNIA", url: "http://secunia.com/advisories/25894", }, { name: "RHSA-2007:0469", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0469.html", }, { name: "ADV-2007-3229", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/3229", }, { name: "APPLE-SA-2006-10-31", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html", }, { name: "28318", refsource: "OSVDB", url: "http://www.osvdb.org/28318", }, { name: "1017138", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017138", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", }, { name: "oval:org.mitre.oval:def:10463", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463", }, { name: "RHSA-2007:0229", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0229.html", }, { name: "22662", refsource: "SECUNIA", url: "http://secunia.com/advisories/22662", }, { name: "25632", refsource: "SECUNIA", url: "http://secunia.com/advisories/25632", }, { name: "25934", refsource: "SECUNIA", url: "http://secunia.com/advisories/25934", }, { name: "http://docs.info.apple.com/article.html?artnum=304669", refsource: "CONFIRM", url: "http://docs.info.apple.com/article.html?artnum=304669", }, { name: "ADV-2006-3433", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/3433", }, { name: "26909", refsource: "SECUNIA", url: "http://secunia.com/advisories/26909", }, { name: "27706", refsource: "SECUNIA", url: "http://secunia.com/advisories/27706", }, { name: "21713", refsource: "SECUNIA", url: "http://secunia.com/advisories/21713", }, { name: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", }, { name: "22205", refsource: "SECUNIA", url: "http://secunia.com/advisories/22205", }, { name: "19802", refsource: "BID", url: "http://www.securityfocus.com/bid/19802", }, { name: "20070602-01-P", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { name: "USN-356-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-356-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-4146", datePublished: "2006-08-31T22:00:00", dateReserved: "2006-08-15T00:00:00", dateUpdated: "2024-08-07T18:57:46.146Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39129
Vulnerability from cvelistv5
Published
2023-07-25 00:00
Modified
2024-10-24 14:10
Severity ?
EPSS score ?
Summary
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:05.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30640", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:gnu:gdb:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gdb", vendor: "gnu", versions: [ { status: "affected", version: "13.0.50.20220805-git", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39129", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T14:08:58.714252Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T14:10:49.318Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30640", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-39129", datePublished: "2023-07-25T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-10-24T14:10:49.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1705
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/17072 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/18506 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2005-709.html | vendor-advisory, x_refsource_REDHAT | |
| http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2005-801.html | vendor-advisory, x_refsource_REDHAT | |
| http://bugs.gentoo.org/show_bug.cgi?id=88398 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200505-15.xml | vendor-advisory, x_refsource_GENTOO | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:095 | vendor-advisory, x_refsource_MANDRAKE | |
| http://secunia.com/advisories/17356 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:59:24.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "17072", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17072", }, { name: "18506", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18506", }, { name: "RHSA-2005:709", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { name: "RHSA-2005:801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=88398", }, { name: "GLSA-200505-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { name: "oval:org.mitre.oval:def:11072", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072", }, { name: "MDKSA-2005:095", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { name: "17356", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17356", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-20T00:00:00", descriptions: [ { lang: "en", value: "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "17072", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17072", }, { name: "18506", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18506", }, { name: "RHSA-2005:709", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { name: "RHSA-2005:801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=88398", }, { name: "GLSA-200505-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { name: "oval:org.mitre.oval:def:11072", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072", }, { name: "MDKSA-2005:095", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { name: "17356", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17356", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-1705", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "17072", refsource: "SECUNIA", url: "http://secunia.com/advisories/17072", }, { name: "18506", refsource: "SECUNIA", url: "http://secunia.com/advisories/18506", }, { name: "RHSA-2005:709", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { name: "RHSA-2005:801", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { name: "http://bugs.gentoo.org/show_bug.cgi?id=88398", refsource: "CONFIRM", url: "http://bugs.gentoo.org/show_bug.cgi?id=88398", }, { name: "GLSA-200505-15", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { name: "oval:org.mitre.oval:def:11072", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072", }, { name: "MDKSA-2005:095", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { name: "17356", refsource: "SECUNIA", url: "http://secunia.com/advisories/17356", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-1705", datePublished: "2005-05-24T04:00:00", dateReserved: "2005-05-24T00:00:00", dateUpdated: "2024-08-07T21:59:24.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4355
Vulnerability from cvelistv5
Published
2013-03-04 21:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0522.html | vendor-advisory, x_refsource_REDHAT | |
| http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html | mailing-list, x_refsource_MLIST | |
| http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html | mailing-list, x_refsource_MLIST | |
| http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1028191 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:09:18.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0522", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0522.html", }, { name: "[gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html", }, { name: "[gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src", }, { name: "1028191", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1028191", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-04T21:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0522", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0522.html", }, { name: "[gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html", }, { name: "[gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src", }, { name: "1028191", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1028191", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4355", datePublished: "2013-03-04T21:00:00Z", dateReserved: "2011-11-04T00:00:00Z", dateUpdated: "2024-08-07T00:09:18.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1704
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:59:24.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "13697", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13697", }, { name: "17072", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17072", }, { name: "21122", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21122", }, { name: "2005-0025", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2005/0025/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", }, { name: "RHSA-2006:0368", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0368.html", }, { name: "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/464745/100/0/threaded", }, { name: "18506", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18506", }, { name: "CLA-2006:1060", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060", }, { name: "RHSA-2005:709", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { name: "ADV-2007-1267", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1267", }, { name: "21262", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21262", }, { name: "RHSA-2005:673", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-673.html", }, { name: "MDKSA-2005:215", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215", }, { name: "17001", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17001", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { name: "RHSA-2006:0354", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0354.html", }, { name: "RHSA-2005:801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { name: "RHSA-2005:763", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-763.html", }, { name: "24788", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24788", }, { name: "USN-136-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/136-1/", }, { name: "GLSA-200505-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { name: "GLSA-200506-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml", }, { name: "oval:org.mitre.oval:def:9071", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071", }, { name: "MDKSA-2005:095", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { name: "15527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15527", }, { name: "17257", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17257", }, { name: "17135", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17135", }, { name: "17356", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17356", }, { name: "1016544", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016544", }, { name: "17718", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17718", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=91398", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", }, { name: "16757", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/16757", }, { name: "21717", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21717", }, { name: "RHSA-2005:659", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-659.html", }, { name: "20060703-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-20T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-19T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "13697", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13697", }, { name: "17072", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17072", }, { name: "21122", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21122", }, { name: "2005-0025", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2005/0025/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", }, { name: "RHSA-2006:0368", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0368.html", }, { name: "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/464745/100/0/threaded", }, { name: "18506", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18506", }, { name: "CLA-2006:1060", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060", }, { name: "RHSA-2005:709", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { name: "ADV-2007-1267", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1267", }, { name: "21262", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21262", }, { name: "RHSA-2005:673", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-673.html", }, { name: "MDKSA-2005:215", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215", }, { name: "17001", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17001", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { name: "RHSA-2006:0354", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0354.html", }, { name: "RHSA-2005:801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { name: "RHSA-2005:763", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-763.html", }, { name: "24788", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24788", }, { name: "USN-136-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/136-1/", }, { name: "GLSA-200505-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { name: "GLSA-200506-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml", }, { name: "oval:org.mitre.oval:def:9071", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071", }, { name: "MDKSA-2005:095", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { name: "15527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15527", }, { name: "17257", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17257", }, { name: "17135", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17135", }, { name: "17356", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17356", }, { name: "1016544", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016544", }, { name: "17718", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17718", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=91398", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", }, { name: "16757", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/16757", }, { name: "21717", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21717", }, { name: "RHSA-2005:659", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-659.html", }, { name: "20060703-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-1704", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "13697", refsource: "BID", url: "http://www.securityfocus.com/bid/13697", }, { name: "17072", refsource: "SECUNIA", url: "http://secunia.com/advisories/17072", }, { name: "21122", refsource: "SECUNIA", url: "http://secunia.com/advisories/21122", }, { name: "2005-0025", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2005/0025/", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", }, { name: "RHSA-2006:0368", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2006-0368.html", }, { name: "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/464745/100/0/threaded", }, { name: "18506", refsource: "SECUNIA", url: "http://secunia.com/advisories/18506", }, { name: "CLA-2006:1060", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060", }, { name: "RHSA-2005:709", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { name: "ADV-2007-1267", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1267", }, { name: "21262", refsource: "SECUNIA", url: "http://secunia.com/advisories/21262", }, { name: "RHSA-2005:673", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-673.html", }, { name: "MDKSA-2005:215", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215", }, { name: "17001", refsource: "SECUNIA", url: "http://secunia.com/advisories/17001", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { name: "RHSA-2006:0354", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2006-0354.html", }, { name: "RHSA-2005:801", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { name: "RHSA-2005:763", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-763.html", }, { name: "24788", refsource: "SECUNIA", url: "http://secunia.com/advisories/24788", }, { name: "USN-136-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/136-1/", }, { name: "GLSA-200505-15", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { name: "GLSA-200506-01", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml", }, { name: "oval:org.mitre.oval:def:9071", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071", }, { name: "MDKSA-2005:095", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { name: "15527", refsource: "SECUNIA", url: "http://secunia.com/advisories/15527", }, { name: "17257", refsource: "SECUNIA", url: "http://secunia.com/advisories/17257", }, { name: "17135", refsource: "SECUNIA", url: "http://secunia.com/advisories/17135", }, { name: "17356", refsource: "SECUNIA", url: "http://secunia.com/advisories/17356", }, { name: "1016544", refsource: "SECTRACK", url: "http://securitytracker.com/id?1016544", }, { name: "17718", refsource: "SECUNIA", url: "http://secunia.com/advisories/17718", }, { name: "http://bugs.gentoo.org/show_bug.cgi?id=91398", refsource: "CONFIRM", url: "http://bugs.gentoo.org/show_bug.cgi?id=91398", }, { name: "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", refsource: "CONFIRM", url: "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", }, { name: "16757", refsource: "OSVDB", url: "http://www.osvdb.org/16757", }, { name: "21717", refsource: "SECUNIA", url: "http://secunia.com/advisories/21717", }, { name: "RHSA-2005:659", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-659.html", }, { name: "20060703-01-P", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-1704", datePublished: "2005-05-24T04:00:00", dateReserved: "2005-05-24T00:00:00", dateUpdated: "2024-08-07T21:59:24.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39130
Vulnerability from cvelistv5
Published
2023-07-25 00:00
Modified
2024-10-24 14:11
Severity ?
EPSS score ?
Summary
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30641", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:gnu:gdb:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gdb", vendor: "gnu", versions: [ { status: "affected", version: "13.0.50.20220805-git", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39130", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T14:08:38.678394Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T14:11:30.406Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30641", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-39130", datePublished: "2023-07-25T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-10-24T14:11:30.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2006-08-31 22:04
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:6.5:*:*:*:*:*:*:*", matchCriteriaId: "3AF78BF4-DAE9-4BA2-8146-0DAABEBFB9B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.", }, { lang: "es", value: "Desbordamiento de búfer en el código de depuración (1) DWARF (dwarfread.c) y (2) DWARF2 (dwarf2read.c) en GNU Debugger (GDB) 6.5 permite a atacantes con la intervención del usuario, o a usuarios restringidos, ejecutar código de su elección mediante un archivo creado artesanalmente con un bloque de posición (DW_FORM_block) que contenga un gran número de operaciones.", }, ], id: "CVE-2006-4146", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2006-08-31T22:04:00.000", references: [ { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { source: "cve@mitre.org", url: "http://docs.info.apple.com/article.html?artnum=304669", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21713", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22205", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22662", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25098", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25632", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25894", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25934", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/26909", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27706", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200711-23.xml", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017138", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/28318", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2007-0229.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2007-0469.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/19802", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-356-1", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/3433", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/4283", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/3229", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://docs.info.apple.com/article.html?artnum=304669", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22205", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/26909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200711-23.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/28318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2007-0229.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2007-0469.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/19802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-356-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/3433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/4283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/3229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Updates to address this issue are available for Red Hat Enterprise Linux 3 and 4:\nhttps://rhn.redhat.com/cve/CVE-2006-4146.html\n\nRed Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch.", lastModified: "2009-06-01T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=30639 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=30639 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:13.0.50.20220805-git:*:*:*:*:*:*:*", matchCriteriaId: "6BA8637C-7AB1-444C-89BB-DC9E196701A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.", }, ], id: "CVE-2023-39128", lastModified: "2024-11-21T08:14:46.273", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-25T19:15:11.740", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30639", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=30641 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=30641 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:13.0.50.20220805-git:*:*:*:*:*:*:*", matchCriteriaId: "6BA8637C-7AB1-444C-89BB-DC9E196701A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.", }, ], id: "CVE-2023-39130", lastModified: "2024-11-21T08:14:46.580", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-25T19:15:11.857", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30641", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-24 13:15
Modified
2024-11-21 04:18
Severity ?
Summary
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*", matchCriteriaId: "2855B0DE-972E-4536-9D6E-3C57C4253177", versionEndExcluding: "9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.", }, { lang: "es", value: "GNU gdb Todas las versiones se ven afectadas por: Desbordamiento de búfer - Acceso a memoria fuera de enlace. El impacto es: Denegación de servicio, Divulgación de memoria y Posible ejecución de código. El componente es: El módulo principal de gdb. El vector de ataque es: Abra un ELF para la depuración. La versión arregladas es: Aún no está arreglada.", }, ], id: "CVE-2019-1010180", lastModified: "2024-11-21T04:18:01.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-24T13:15:10.997", references: [ { source: "josh@bress.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", }, { source: "josh@bress.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", }, { source: "josh@bress.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", }, { source: "josh@bress.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", }, { source: "josh@bress.net", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109367", }, { source: "josh@bress.net", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-31", }, { source: "josh@bress.net", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", }, ], sourceIdentifier: "josh@bress.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:*:r2:*:*:*:*:*:*", matchCriteriaId: "54381A01-33D2-4B69-9E03-162E37081E06", versionEndIncluding: "6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.", }, ], id: "CVE-2005-1705", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-24T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.gentoo.org/show_bug.cgi?id=88398", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/17072", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/17356", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/18506", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.gentoo.org/show_bug.cgi?id=88398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/17072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-21 07:29
Modified
2025-04-20 01:37
Severity ?
Summary
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99244 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=21600 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99244 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=21600 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*", matchCriteriaId: "E1292783-2ED5-493B-9172-73DE7BD07FBB", versionEndIncluding: "8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.", }, { lang: "es", value: "GNU Debugger (GDB) en versiones 8.0 y anteriores no detecta un campo de longitud negativa en una sección DWARF. Una sección mal formada en un binario ELF o un archivo core puede hacer que GDB asigne memoria repetidamente hasta que se alcance el límite de un proceso. Esto puede, por ejemplo, evitar que se analice malware con GDB.", }, ], id: "CVE-2017-9778", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-21T07:29:00.367", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99244", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=21600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=21600", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:*:r2:*:*:*:*:*:*", matchCriteriaId: "54381A01-33D2-4B69-9E03-162E37081E06", versionEndIncluding: "6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.", }, ], id: "CVE-2005-1704", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-24T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", }, { source: "cve@mitre.org", url: "http://bugs.gentoo.org/show_bug.cgi?id=91398", }, { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/15527", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17001", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17072", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17135", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17257", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17356", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17718", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/18506", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21122", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21262", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21717", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24788", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1016544", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/16757", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-659.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-673.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-763.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2006-0354.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2006-0368.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/464745/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/13697", }, { source: "cve@mitre.org", url: "http://www.trustix.org/errata/2005/0025/", }, { source: "cve@mitre.org", url: "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1267", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/136-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.gentoo.org/show_bug.cgi?id=91398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/15527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/17718", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21262", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200505-15.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1016544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/16757", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-659.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-673.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-709.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-763.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2006-0354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2006-0368.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/464745/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/13697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trustix.org/errata/2005/0025/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/136-1/", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-05 21:38
Modified
2025-04-11 00:51
Severity ?
Summary
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | gdb | * | |
| gnu | gdb | 4.18 | |
| gnu | gdb | 5.0 | |
| gnu | gdb | 5.0.92 | |
| gnu | gdb | 5.0.93 | |
| gnu | gdb | 5.1 | |
| gnu | gdb | 5.1.1 | |
| gnu | gdb | 5.2 | |
| gnu | gdb | 5.2.1 | |
| gnu | gdb | 5.3 | |
| gnu | gdb | 6.0 | |
| gnu | gdb | 6.1 | |
| gnu | gdb | 6.1.1 | |
| gnu | gdb | 6.2 | |
| gnu | gdb | 6.2.1 | |
| gnu | gdb | 6.3 | |
| gnu | gdb | 6.4 | |
| gnu | gdb | 6.5 | |
| gnu | gdb | 6.6 | |
| gnu | gdb | 6.7 | |
| gnu | gdb | 6.7.1 | |
| gnu | gdb | 6.8 | |
| gnu | gdb | 7.0 | |
| gnu | gdb | 7.0.1 | |
| gnu | gdb | 7.1 | |
| gnu | gdb | 7.2 | |
| gnu | gdb | 7.3 | |
| gnu | gdb | 7.3.1 | |
| gnu | gdb | 7.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*", matchCriteriaId: "00292181-9124-4455-8D89-4DA98B18D55F", versionEndIncluding: "7.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:4.18:*:*:*:*:*:*:*", matchCriteriaId: "1DFDC526-7E5F-4A20-8E57-B66F1D38DE05", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.0:*:*:*:*:*:*:*", matchCriteriaId: "16D34C25-D05C-451C-88E2-24F81FCAC422", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.0.92:*:*:*:*:*:*:*", matchCriteriaId: "E446F5DE-2CE0-4BCB-90E2-7784C1B7FF87", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.0.93:*:*:*:*:*:*:*", matchCriteriaId: "5AA539B4-EECD-4ACA-A6A0-CC2F227327F3", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.1:*:*:*:*:*:*:*", matchCriteriaId: "CFDA6059-74D7-42F8-9050-4FE799BC5493", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7D1FF5DD-EA08-42BE-B15F-77471A789E41", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.2:*:*:*:*:*:*:*", matchCriteriaId: "79450E0C-9A5E-4B7B-A3C0-62EB53F88402", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "9B398336-87F4-4230-AECF-B171F1D35B55", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:5.3:*:*:*:*:*:*:*", matchCriteriaId: "0EC829F2-A2EA-4D9F-9C1C-CA601A6B913C", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.0:*:*:*:*:*:*:*", matchCriteriaId: "476AE5E9-497C-487F-BF1B-D6A71E768E82", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.1:*:*:*:*:*:*:*", matchCriteriaId: "6EFF01B6-4DBE-4E1E-A3DD-761D255B6457", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "96463304-7618-4DC4-BC7F-20C8BB867115", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.2:*:*:*:*:*:*:*", matchCriteriaId: "D90AB7BE-2537-4E43-B156-BDCD637A7CFE", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0A3D4325-5DCA-4C46-974E-888028ABCC64", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.3:*:*:*:*:*:*:*", matchCriteriaId: "BECA9331-7A36-42A0-AEE9-E7C2E8180AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.4:*:*:*:*:*:*:*", matchCriteriaId: "B5C0145F-191A-483A-A3F0-6E6935F04B32", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.5:*:*:*:*:*:*:*", matchCriteriaId: "3AF78BF4-DAE9-4BA2-8146-0DAABEBFB9B1", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.6:*:*:*:*:*:*:*", matchCriteriaId: "62785B32-8CEA-45D1-88B8-F43C55B9FE00", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.7:*:*:*:*:*:*:*", matchCriteriaId: "63EB885C-5FAE-4F70-90EC-5851EEDADB24", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.7.1:*:*:*:*:*:*:*", matchCriteriaId: "B764BB01-D369-4380-AAF3-10CDD25CE28D", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:6.8:*:*:*:*:*:*:*", matchCriteriaId: "C56500AB-7F96-4708-8C17-11CDF97770D0", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.0:*:*:*:*:*:*:*", matchCriteriaId: "46D9CAAB-5BFD-4E2B-88A0-3101E7A9696A", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8E9E8E80-C8E7-41B7-94B0-EE4D7926193B", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.1:*:*:*:*:*:*:*", matchCriteriaId: "AB6DB5FA-DD3D-4C0D-BA11-EF7DF9E18702", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.2:*:*:*:*:*:*:*", matchCriteriaId: "3E10B8AA-22C9-48AC-89F6-A68ADB51F956", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.3:*:*:*:*:*:*:*", matchCriteriaId: "80C4BFA4-642F-48FB-8EA1-533C3A2F5322", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.3.1:*:*:*:*:*:*:*", matchCriteriaId: "DD613C2F-98F9-4C0D-98E8-B04E0437B248", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:gdb:7.4:*:*:*:*:*:*:*", matchCriteriaId: "FA3AB084-7C89-44CA-9B56-BA061430DF3E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.", }, { lang: "es", value: "GNU Project Debugger (GDB) anterior a v7.5, cuando se define .debug_gdb_scripts, carga automáticamente ciertos archivos en el directorio de trabajo actual, permitiendo a usuarios locales obtener privilegios a través de ficheros elaborados, tales como scripts en Python.", }, ], id: "CVE-2011-4355", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-05T21:38:53.887", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0522.html", }, { source: "secalert@redhat.com", url: "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src", }, { source: "secalert@redhat.com", url: "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html", }, { source: "secalert@redhat.com", url: "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1028191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0522.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1028191", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=30640 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=30640 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gdb:13.0.50.20220805-git:*:*:*:*:*:*:*", matchCriteriaId: "6BA8637C-7AB1-444C-89BB-DC9E196701A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.", }, ], id: "CVE-2023-39129", lastModified: "2024-11-21T08:14:46.427", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-25T19:15:11.800", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=30640", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }