Candidate: CVE-2019-1010180
PublicDate: 2019-07-24 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010180
Description:
 GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory
 access. The impact is: Deny of Service, Memory Disclosure, and Possible
 Code Execution. The component is: The main gdb module. The attack vector
 is: Open an ELF for debugging. The fixed version is: Not fixed yet.
Ubuntu-Description:
Notes:
 leosilva> the patch only prints a warning about the issue, it does not
 leosilva> fix it.
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=23657
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_gdb:
 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ff71a9c80cfcf64c54d4ae938c644b1b1ea19fb
upstream_gdb: needs-triage
precise/esm_gdb: DNE
trusty_gdb: ignored (out of standard support)
trusty/esm_gdb: DNE
xenial_gdb: ignored (end of standard support, was needed)
esm-infra/xenial_gdb: needed
bionic_gdb: needed
disco_gdb: not-affected (8.2.91.20190405-0ubuntu3)
eoan_gdb: not-affected (8.3-0ubuntu1)
focal_gdb: not-affected (8.3-0ubuntu1)
groovy_gdb: not-affected (8.3-0ubuntu1)
hirsute_gdb: not-affected (8.3-0ubuntu1)
impish_gdb: not-affected (8.3-0ubuntu1)
jammy_gdb: not-affected (8.3-0ubuntu1)
devel_gdb: not-affected (8.3-0ubuntu1)