{"id":"USN-6842-1","summary":"gdb vulnerabilities","details":"It was discovered that gdb incorrectly handled certain memory operations\nwhen parsing an ELF file. An attacker could possibly use this issue\nto cause a denial of service. This issue is the result of an\nincomplete fix for CVE-2020-16599. This issue only affected\nUbuntu 22.04 LTS. (CVE-2022-4285)\n\nIt was discovered that gdb incorrectly handled memory leading\nto a heap based buffer overflow. An attacker could use this \nissue to cause a denial of service, or possibly execute \narbitrary code. This issue only affected Ubuntu 22.04 LTS. \n(CVE-2023-1972)\n\nIt was discovered that gdb incorrectly handled memory leading\nto a stack overflow. An attacker could possibly use this issue\nto cause a denial of service. This issue only affected \nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. \n(CVE-2023-39128)\n\nIt was discovered that gdb had a use after free vulnerability\nunder certain circumstances. An attacker could use this to cause \na denial of service or possibly execute arbitrary code. This issue \nonly affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS \nand Ubuntu 22.04 LTS. (CVE-2023-39129)\n\nIt was discovered that gdb incorrectly handled memory leading to a \nheap based buffer overflow. An attacker could use this issue to cause\na denial of service, or possibly execute arbitrary code. This issue \nonly affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2023-39130)\n","modified":"2026-02-10T04:44:20Z","published":"2024-06-20T06:07:08Z","related":["UBUNTU-CVE-2022-4285","UBUNTU-CVE-2023-1972","UBUNTU-CVE-2023-39128","UBUNTU-CVE-2023-39129","UBUNTU-CVE-2023-39130"],"upstream":["CVE-2022-4285","CVE-2023-1972","CVE-2023-39128","CVE-2023-39129","CVE-2023-39130","UBUNTU-CVE-2022-4285","UBUNTU-CVE-2023-1972","UBUNTU-CVE-2023-39128","UBUNTU-CVE-2023-39129","UBUNTU-CVE-2023-39130"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6842-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4285"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1972"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-39128"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-39129"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-39130"}],"affected":[{"package":{"name":"gdb","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gdb@7.11.1-0ubuntu1~16.5+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.11.1-0ubuntu1~16.5+esm1"}]}],"versions":["7.10-1ubuntu2","7.10-1ubuntu3","7.10.1-0ubuntu1","7.10.90.20160215-0ubuntu2","7.10.90.20160220-0ubuntu1","7.11-0ubuntu1","7.11.1-0ubuntu1~16.04","7.11.1-0ubuntu1~16.5"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"gdb","binary_version":"7.11.1-0ubuntu1~16.5+esm1"},{"binary_name":"gdb-multiarch","binary_version":"7.11.1-0ubuntu1~16.5+esm1"},{"binary_name":"gdb-source","binary_version":"7.11.1-0ubuntu1~16.5+esm1"},{"binary_name":"gdb64","binary_version":"7.11.1-0ubuntu1~16.5+esm1"},{"binary_name":"gdbserver","binary_version":"7.11.1-0ubuntu1~16.5+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6842-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-4285"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1972"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39128"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39129"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39130"}]}}},{"package":{"name":"gdb","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gdb@8.1.1-0ubuntu1+esm1?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.1-0ubuntu1+esm1"}]}],"versions":["8.0.1-0ubuntu1","8.0.1-0ubuntu2","8.0.1-0ubuntu3","8.1-0ubuntu1","8.1-0ubuntu2","8.1-0ubuntu3","8.1-0ubuntu3.1","8.1-0ubuntu3.2","8.1.1-0ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"gdb","binary_version":"8.1.1-0ubuntu1+esm1"},{"binary_name":"gdb-multiarch","binary_version":"8.1.1-0ubuntu1+esm1"},{"binary_name":"gdb-source","binary_version":"8.1.1-0ubuntu1+esm1"},{"binary_name":"gdbserver","binary_version":"8.1.1-0ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6842-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-4285"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1972"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39128"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39129"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39130"}]}}},{"package":{"name":"gdb","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/gdb@9.2-0ubuntu1~20.04.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2-0ubuntu1~20.04.2"}]}],"versions":["8.3-0ubuntu1","9.0.50.20191019-0ubuntu1","9.0.50.20191119-0ubuntu1","9.0.90.20191216-0ubuntu1","9.0.90.20200105-0ubuntu1","9.0.90.20200117-0ubuntu1","9.1-0ubuntu1","9.2-0ubuntu1~20.04","9.2-0ubuntu1~20.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"gdb","binary_version":"9.2-0ubuntu1~20.04.2"},{"binary_name":"gdb-multiarch","binary_version":"9.2-0ubuntu1~20.04.2"},{"binary_name":"gdb-source","binary_version":"9.2-0ubuntu1~20.04.2"},{"binary_name":"gdbserver","binary_version":"9.2-0ubuntu1~20.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6842-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-4285"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1972"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39128"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39129"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39130"}]}}},{"package":{"name":"gdb","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gdb@12.1-0ubuntu1~22.04.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.1-0ubuntu1~22.04.2"}]}],"versions":["11.1-0ubuntu2","11.1-0ubuntu3","11.2-0ubuntu1","12.0.50.20220217-0ubuntu1","12.0.90-0ubuntu1","12.1-0ubuntu1~22.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"gdb","binary_version":"12.1-0ubuntu1~22.04.2"},{"binary_name":"gdb-multiarch","binary_version":"12.1-0ubuntu1~22.04.2"},{"binary_name":"gdb-source","binary_version":"12.1-0ubuntu1~22.04.2"},{"binary_name":"gdbserver","binary_version":"12.1-0ubuntu1~22.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6842-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-4285"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1972"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39128"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39129"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-39130"}]}}}],"schema_version":"1.7.3"}