CVE-2019-1010180
CVE-2019-1010180
In short
GNU gdb has a buffer overflow vulnerability when opening ELF files for debugging. An attacker can crash the debugger, leak memory, or potentially execute code by providing a specially crafted ELF file.
Technical detail
A buffer overflow vulnerability in GNU gdb's ELF parsing module allows out-of-bounds memory access when opening malicious ELF files. Attack vector requires user interaction (opening a file in gdb); impact includes denial of service, information disclosure, and potential arbitrary code execution in the context of the debugger process.
Summary generated and translated by AI from the official description.
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
Affected products
GNU · gdbWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.htmlhttps://security.gentoo.org/glsa/202003-31https://sourceware.org/bugzilla/show_bug.cgi?id=23657http://www.securityfocus.com/bid/109367