Heap Buffer Overflow in GNU gdb Affects Multiple Versions
CVE-2023-39130

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Gdb
Vendor: CVE Published:; 25 July 2023

What is CVE-2023-39130?

The GNU gdb (GDB) debugging tool is susceptible to a heap buffer overflow, particularly within the function pe_as16(). This vulnerability, found in the source code located at /gdb/coff-pe-read.c, may allow an attacker to exploit memory allocation issues, potentially leading to arbitrary code execution. Developers and users are advised to consult relevant security patches to mitigate this risk and ensure the integrity of their systems.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2023
Vulnerability Reserved
Jul 25, 2023

Gnu

What is CVE-2023-39130?

References

CVSS V3.1

Timeline