Gnu Gdb vulnerabilities

CVE-2023-39128 [MEDIUM] CWE-787 CVE-2023-39128: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_d GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

CVE-2023-39129 [MEDIUM] CWE-416 CVE-2023-39129: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

CVE-2023-39130 [MEDIUM] CWE-787 CVE-2023-39130: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

CVE-2019-1010180 [HIGH] CWE-125 CVE-2019-1010180: GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: De GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.

CVE-2017-9778 [MEDIUM] CWE-20 CVE-2017-9778: GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A mal GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

CVE-2011-4355 [MEDIUM] CWE-264 CVE-2011-4355: GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certa GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

CVE-2006-4146 [MEDIUM] CWE-119 CVE-2006-4146: Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU D Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.

CVE-2005-1705 [HIGH] CVE-2005-1705: gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.

CVE-2005-1704 [MEDIUM] CWE-189 CVE-2005-1704: Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.