CVE-2017-9778

CWE-20Improper Input ValidationCWE-770Allocation without LimitsCWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 46.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU GDB
Timeline
PublishedJun 21
Latest updateMay 13

Description

GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangdb< 8.3.1-1+3
NVDgnu/gdb8.0

🔴Vulnerability Details

3
GHSA
GHSA-hmmq-v5m7-8j9w: GNU Debugger (GDB) 82022-05-13
OSV
CVE-2017-9778: GNU Debugger (GDB) 82017-06-21
CVEList
CVE-2017-9778: GNU Debugger (GDB) 82017-06-21

📋Vendor Advisories

2
Red Hat
gdb: Malformed section in an ELF binary or a core file can cause memory exhaustion2017-06-15
Debian
CVE-2017-9778: gdb - GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a ...2017

💬Community

2
Bugzilla
CVE-2017-9778 gdb: Malformed section in an ELF binary or a core file can cause memory exhaustion2017-06-29
Bugzilla
CVE-2017-9778 gdb: Malformed section in an ELF binary or a core file can cause memory exhaustion [fedora-all]2017-06-29
CVE-2017-9778 (MEDIUM CVSS 5.5) | GNU Debugger (GDB) 8.0 and earlier | cvebase.io