5.1

CVE-2006-4146

Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGdb Version6.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.23% 0.866
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/25894
Vendor Advisory
http://secunia.com/advisories/26909
Vendor Advisory
http://secunia.com/advisories/27706
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200711-23.xml
http://www.vupen.com/english/advisories/2007/3229
http://secunia.com/advisories/25098
Vendor Advisory
http://docs.info.apple.com/article.html?artnum=304669
http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html
http://secunia.com/advisories/21713
Vendor Advisory
http://secunia.com/advisories/22205
Vendor Advisory
http://secunia.com/advisories/22662
Vendor Advisory
http://secunia.com/advisories/25632
Vendor Advisory
http://secunia.com/advisories/25934
Vendor Advisory
http://securitytracker.com/id?1017138
http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm
http://www.osvdb.org/28318
http://www.redhat.com/support/errata/RHSA-2007-0229.html
http://www.redhat.com/support/errata/RHSA-2007-0469.html
http://www.securityfocus.com/bid/19802
http://www.ubuntu.com/usn/usn-356-1
http://www.vupen.com/english/advisories/2006/3433
http://www.vupen.com/english/advisories/2006/4283
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463