usn-6842-1
Vulnerability from osv_ubuntu
It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285)
It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-1972)
It was discovered that gdb incorrectly handled memory leading to a stack overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39128)
It was discovered that gdb had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39129)
It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39130)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-4285",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-1972",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39128",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39129",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39130",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gdb",
"binary_version": "7.11.1-0ubuntu1~16.5+esm1"
},
{
"binary_name": "gdb-multiarch",
"binary_version": "7.11.1-0ubuntu1~16.5+esm1"
},
{
"binary_name": "gdb-source",
"binary_version": "7.11.1-0ubuntu1~16.5+esm1"
},
{
"binary_name": "gdb64",
"binary_version": "7.11.1-0ubuntu1~16.5+esm1"
},
{
"binary_name": "gdbserver",
"binary_version": "7.11.1-0ubuntu1~16.5+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gdb",
"purl": "pkg:deb/ubuntu/gdb@7.11.1-0ubuntu1~16.5+esm1?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.11.1-0ubuntu1~16.5+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.10-1ubuntu2",
"7.10-1ubuntu3",
"7.10.1-0ubuntu1",
"7.10.90.20160215-0ubuntu2",
"7.10.90.20160220-0ubuntu1",
"7.11-0ubuntu1",
"7.11.1-0ubuntu1~16.04",
"7.11.1-0ubuntu1~16.5"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-4285",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-1972",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39128",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39129",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39130",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gdb",
"binary_version": "8.1.1-0ubuntu1+esm1"
},
{
"binary_name": "gdb-multiarch",
"binary_version": "8.1.1-0ubuntu1+esm1"
},
{
"binary_name": "gdb-source",
"binary_version": "8.1.1-0ubuntu1+esm1"
},
{
"binary_name": "gdbserver",
"binary_version": "8.1.1-0ubuntu1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gdb",
"purl": "pkg:deb/ubuntu/gdb@8.1.1-0ubuntu1+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.1-0ubuntu1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.1-0ubuntu1",
"8.0.1-0ubuntu2",
"8.0.1-0ubuntu3",
"8.1-0ubuntu1",
"8.1-0ubuntu2",
"8.1-0ubuntu3",
"8.1-0ubuntu3.1",
"8.1-0ubuntu3.2",
"8.1.1-0ubuntu1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-4285",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-1972",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39128",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39129",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39130",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gdb",
"binary_version": "9.2-0ubuntu1~20.04.2"
},
{
"binary_name": "gdb-multiarch",
"binary_version": "9.2-0ubuntu1~20.04.2"
},
{
"binary_name": "gdb-source",
"binary_version": "9.2-0ubuntu1~20.04.2"
},
{
"binary_name": "gdbserver",
"binary_version": "9.2-0ubuntu1~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gdb",
"purl": "pkg:deb/ubuntu/gdb@9.2-0ubuntu1~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2-0ubuntu1~20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3-0ubuntu1",
"9.0.50.20191019-0ubuntu1",
"9.0.50.20191119-0ubuntu1",
"9.0.90.20191216-0ubuntu1",
"9.0.90.20200105-0ubuntu1",
"9.0.90.20200117-0ubuntu1",
"9.1-0ubuntu1",
"9.2-0ubuntu1~20.04",
"9.2-0ubuntu1~20.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-4285",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-1972",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39128",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39129",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39130",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gdb",
"binary_version": "12.1-0ubuntu1~22.04.2"
},
{
"binary_name": "gdb-multiarch",
"binary_version": "12.1-0ubuntu1~22.04.2"
},
{
"binary_name": "gdb-source",
"binary_version": "12.1-0ubuntu1~22.04.2"
},
{
"binary_name": "gdbserver",
"binary_version": "12.1-0ubuntu1~22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gdb",
"purl": "pkg:deb/ubuntu/gdb@12.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"11.1-0ubuntu2",
"11.1-0ubuntu3",
"11.2-0ubuntu1",
"12.0.50.20220217-0ubuntu1",
"12.0.90-0ubuntu1",
"12.1-0ubuntu1~22.04"
]
}
],
"aliases": [],
"details": "It was discovered that gdb incorrectly handled certain memory operations\nwhen parsing an ELF file. An attacker could possibly use this issue\nto cause a denial of service. This issue is the result of an\nincomplete fix for CVE-2020-16599. This issue only affected\nUbuntu 22.04 LTS. (CVE-2022-4285)\n\nIt was discovered that gdb incorrectly handled memory leading\nto a heap based buffer overflow. An attacker could use this \nissue to cause a denial of service, or possibly execute \narbitrary code. This issue only affected Ubuntu 22.04 LTS. \n(CVE-2023-1972)\n\nIt was discovered that gdb incorrectly handled memory leading\nto a stack overflow. An attacker could possibly use this issue\nto cause a denial of service. This issue only affected \nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. \n(CVE-2023-39128)\n\nIt was discovered that gdb had a use after free vulnerability\nunder certain circumstances. An attacker could use this to cause \na denial of service or possibly execute arbitrary code. This issue \nonly affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS \nand Ubuntu 22.04 LTS. (CVE-2023-39129)\n\nIt was discovered that gdb incorrectly handled memory leading to a \nheap based buffer overflow. An attacker could use this issue to cause\na denial of service, or possibly execute arbitrary code. This issue \nonly affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2023-39130)\n",
"id": "USN-6842-1",
"modified": "2026-06-25T10:46:24Z",
"published": "2024-06-20T06:07:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6842-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-4285"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-1972"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-39128"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-39129"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-39130"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "gdb vulnerabilities",
"upstream": [
"UBUNTU-CVE-2022-4285",
"UBUNTU-CVE-2023-1972",
"UBUNTU-CVE-2023-39128",
"UBUNTU-CVE-2023-39129",
"UBUNTU-CVE-2023-39130"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.