Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

gdb: Buffer overflow — GLSA 202003-31

A buffer overflow in gdb might allow a remote attacker to cause a Denial of Service condition.

Affected packages

Package sys-devel/gdb on all architectures
Affected versions < 9.1
Unaffected versions >= 9.1

Background

gdb is the GNU project’s debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats.

Description

It was discovered that gdb didn’t properly validate the ELF section sizes from input file.

Impact

A remote attacker could entice a user to open a specially crafted ELF binary using gdb, possibly resulting in information disclosure or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All gdb users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-devel/gdb-9.1"

References

Release date
March 15, 2020

Latest revision
March 15, 2020: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries