A buffer overflow in gdb might allow a remote attacker to cause a Denial of Service condition.
|Package||sys-devel/gdb on all architectures|
|Affected versions||< 9.1|
|Unaffected versions||>= 9.1|
gdb is the GNU project’s debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats.
It was discovered that gdb didn’t properly validate the ELF section sizes from input file.
A remote attacker could entice a user to open a specially crafted ELF binary using gdb, possibly resulting in information disclosure or a Denial of Service condition.
There is no known workaround at this time.
All gdb users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/gdb-9.1"
March 15, 2020
March 15, 2020: 1