CVE-2023-39129Use After Free in GDB

CWE-416Use After FreeCWE-122Heap-based Buffer Overflow7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU GDB
Timeline
PublishedJul 25

Description

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDgnu/gdb13.0.50.20220805-git

🔴Vulnerability Details

3
OSV
CVE-2023-39129: GNU gdb (GDB) 132023-07-25
CVEList
CVE-2023-39129: GNU gdb (GDB) 132023-07-25
GHSA
GHSA-295v-hjgh-6c75: GNU gdb (GDB) 132023-07-25

📋Vendor Advisories

3
Red Hat
gdb: heap-use-after-free /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:137:272023-07-25
Microsoft
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.2023-07-11
Debian
CVE-2023-39129: gdb - GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after fr...2023
CVE-2023-39129 — Use After Free in GNU GDB | cvebase