Memory Allocation Flaw in GNU Debugger Affects Linux Systems
CVE-2017-9778

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Gdb
Vendor: CVE Published:; 21 June 2017

Summary

The GNU Debugger (GDB) version 8.0 and prior versions contain a vulnerability that fails to properly detect a negative length field within a DWARF section. This oversight can allow for a malformed section in an ELF binary or core file to initiate a loop of memory allocation, which may quickly exhaust process limits. Such behavior hinders the ability to effectively analyze malware using GDB or could lead to service interruptions on the host system.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=21600

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99244

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2017
Vulnerability Reserved
Jun 21, 2017