SB2024040137 - SUSE update for gdb
Published: April 1, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-16829)
The vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the elf-properties.c function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed file. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the affected application.
2) Improper input validation (CVE-ID: CVE-2018-7208)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the coff_pointerize_aux function in the coffgen.c source code due to insufficient validation of an index. A remote attacker can create a specially crafted COFF file, trick the victim into opening it, trigger a segmentation fault and cause the service to crash.
3) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-4806)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to authorization bypass through user-controlled key. A remote user can bypass implemented security restrictions.
Remediation
Install update from vendor's website.